xref: /titanic_50/usr/src/cmd/sendmail/cf/README (revision bdfc6d18da790deeec2e0eb09c625902defe2498)
1
2		SENDMAIL CONFIGURATION FILES
3
4This document describes the sendmail configuration files.  It
5explains how to create a sendmail.cf file for use with sendmail.
6It also describes how to set options for sendmail which are explained
7in the Sendmail Installation and Operation guide, which can be found
8on-line at http://www.sendmail.org/%7Eca/email/doc8.12/op.html .
9Recall this URL throughout this document when references to
10doc/op/op.* are made.
11
12Table of Content:
13
14INTRODUCTION AND EXAMPLE
15A BRIEF INTRODUCTION TO M4
16FILE LOCATIONS
17OSTYPE
18DOMAINS
19MAILERS
20FEATURES
21HACKS
22SITE CONFIGURATION
23USING UUCP MAILERS
24TWEAKING RULESETS
25MASQUERADING AND RELAYING
26USING LDAP FOR ALIASES, MAPS, AND CLASSES
27LDAP ROUTING
28ANTI-SPAM CONFIGURATION CONTROL
29CONNECTION CONTROL
30STARTTLS
31ADDING NEW MAILERS OR RULESETS
32ADDING NEW MAIL FILTERS
33QUEUE GROUP DEFINITIONS
34NON-SMTP BASED CONFIGURATIONS
35WHO AM I?
36ACCEPTING MAIL FOR MULTIPLE NAMES
37USING MAILERTABLES
38USING USERDB TO MAP FULL NAMES
39MISCELLANEOUS SPECIAL FEATURES
40SECURITY NOTES
41TWEAKING CONFIGURATION OPTIONS
42MESSAGE SUBMISSION PROGRAM
43FORMAT OF FILES AND MAPS
44DIRECTORY LAYOUT
45ADMINISTRATIVE DETAILS
46
47
48+--------------------------+
49| INTRODUCTION AND EXAMPLE |
50+--------------------------+
51
52Configuration files are contained in the subdirectory "cf", with a
53suffix ".mc".  They must be run through "m4" to produce a ".cf" file.
54You must pre-load "cf.m4":
55
56	m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
57
58Alternatively, you can simply:
59
60	cd ${CFDIR}/cf
61	/usr/ccs/bin/make config.cf
62
63where ${CFDIR} is the root of the cf directory and config.mc is the
64name of your configuration file.  If you are running a version of M4
65that understands the __file__ builtin (versions of GNU m4 >= 0.75 do
66this, but the versions distributed with 4.4BSD and derivatives do not)
67or the -I flag (ditto), then ${CFDIR} can be in an arbitrary directory.
68For "traditional" versions, ${CFDIR} ***MUST*** be "..", or you MUST
69use -D_CF_DIR_=/path/to/cf/dir/ -- note the trailing slash!  For example:
70
71	m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 config.mc > config.cf
72
73Let's examine a typical .mc file:
74
75	divert(-1)
76	#
77	# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
78	#	All rights reserved.
79	# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
80	# Copyright (c) 1988, 1993
81	#	The Regents of the University of California.  All rights reserved.
82	#
83	# By using this file, you agree to the terms and conditions set
84	# forth in the LICENSE file which can be found at the top level of
85	# the sendmail distribution.
86	#
87
88	#
89	#  This is a Berkeley-specific configuration file for HP-UX 9.x.
90	#  It applies only to the Computer Science Division at Berkeley,
91	#  and should not be used elsewhere.   It is provided on the sendmail
92	#  distribution as a sample only.  To create your own configuration
93	#  file, create an appropriate domain file in ../domain, change the
94	#  `DOMAIN' macro below to reference that file, and copy the result
95	#  to a name of your own choosing.
96	#
97	divert(0)
98
99The divert(-1) will delete the crud in the resulting output file.
100The copyright notice can be replaced by whatever your lawyers require;
101our lawyers require the one that is included in these files.  A copyleft
102is a copyright by another name.  The divert(0) restores regular output.
103
104	VERSIONID(`<SCCS or RCS version id>')
105
106VERSIONID is a macro that stuffs the version information into the
107resulting file.  You could use SCCS, RCS, CVS, something else, or
108omit it completely.  This is not the same as the version id included
109in SMTP greeting messages -- this is defined in m4/version.m4.
110
111	OSTYPE(`hpux9')dnl
112
113You must specify an OSTYPE to properly configure things such as the
114pathname of the help and status files, the flags needed for the local
115mailer, and other important things.  If you omit it, you will get an
116error when you try to build the configuration.  Look at the ostype
117directory for the list of known operating system types.
118
119	DOMAIN(`CS.Berkeley.EDU')dnl
120
121This example is specific to the Computer Science Division at Berkeley.
122You can use "DOMAIN(`generic')" to get a sufficiently bland definition
123that may well work for you, or you can create a customized domain
124definition appropriate for your environment.
125
126	MAILER(`local')
127	MAILER(`smtp')
128
129These describe the mailers used at the default CS site.  The local
130mailer is always included automatically.  Beware: MAILER declarations
131should only be followed by LOCAL_* sections.  The general rules are
132that the order should be:
133
134	VERSIONID
135	OSTYPE
136	DOMAIN
137	FEATURE
138	local macro definitions
139	MAILER
140	LOCAL_CONFIG
141	LOCAL_RULE_*
142	LOCAL_RULESETS
143
144There are a few exceptions to this rule.  Local macro definitions which
145influence a FEATURE() should be done before that feature.  For example,
146a define(`PROCMAIL_MAILER_PATH', ...) should be done before
147FEATURE(`local_procmail').
148
149
150+----------------------------+
151| A BRIEF INTRODUCTION TO M4 |
152+----------------------------+
153
154Sendmail uses the M4 macro processor to ``compile'' the configuration
155files.  The most important thing to know is that M4 is stream-based,
156that is, it doesn't understand about lines.  For this reason, in some
157places you may see the word ``dnl'', which stands for ``delete
158through newline''; essentially, it deletes all characters starting
159at the ``dnl'' up to and including the next newline character.  In
160most cases sendmail uses this only to avoid lots of unnecessary
161blank lines in the output.
162
163Other important directives are define(A, B) which defines the macro
164``A'' to have value ``B''.  Macros are expanded as they are read, so
165one normally quotes both values to prevent expansion.  For example,
166
167	define(`SMART_HOST', `smart.foo.com')
168
169One word of warning:  M4 macros are expanded even in lines that appear
170to be comments.  For example, if you have
171
172	# See FEATURE(`foo') above
173
174it will not do what you expect, because the FEATURE(`foo') will be
175expanded.  This also applies to
176
177	# And then define the $X macro to be the return address
178
179because ``define'' is an M4 keyword.  If you want to use them, surround
180them with directed quotes, `like this'.
181
182Since m4 uses single quotes (opening "`" and closing "'") to quote
183arguments, those quotes can't be used in arguments.  For example,
184it is not possible to define a rejection message containing a single
185quote. Usually there are simple workarounds by changing those
186messages; in the worst case it might be ok to change the value
187directly in the generated .cf file, which however is not advised.
188
189+----------------+
190| FILE LOCATIONS |
191+----------------+
192
193sendmail 8.9 has introduced a new configuration directory for sendmail
194related files, /etc/mail.  The new files available for sendmail 8.9 --
195the class {R} /etc/mail/relay-domains and the access database
196/etc/mail/access -- take advantage of this new directory.  Beginning with
1978.10, all files will use this directory by default (some options may be
198set by OSTYPE() files).  This new directory should help to restore
199uniformity to sendmail's file locations.
200
201Below is a table of some of the common changes:
202
203Old filename			New filename
204------------			------------
205/etc/bitdomain			/etc/mail/bitdomain
206/etc/domaintable		/etc/mail/domaintable
207/etc/genericstable		/etc/mail/genericstable
208/etc/uudomain			/etc/mail/uudomain
209/etc/virtusertable		/etc/mail/virtusertable
210/etc/userdb			/etc/mail/userdb
211
212/etc/aliases			/etc/mail/aliases
213/etc/sendmail/aliases		/etc/mail/aliases
214/etc/ucbmail/aliases		/etc/mail/aliases
215/usr/adm/sendmail/aliases	/etc/mail/aliases
216/usr/lib/aliases		/etc/mail/aliases
217/usr/lib/mail/aliases		/etc/mail/aliases
218/usr/ucblib/aliases		/etc/mail/aliases
219
220/etc/sendmail.cw		/etc/mail/local-host-names
221/etc/mail/sendmail.cw		/etc/mail/local-host-names
222/etc/sendmail/sendmail.cw	/etc/mail/local-host-names
223
224/etc/sendmail.ct		/etc/mail/trusted-users
225
226/etc/sendmail.oE		/etc/mail/error-header
227
228/etc/sendmail.hf		/etc/mail/helpfile
229/etc/mail/sendmail.hf		/etc/mail/helpfile
230/usr/ucblib/sendmail.hf		/etc/mail/helpfile
231/etc/ucbmail/sendmail.hf	/etc/mail/helpfile
232/usr/lib/sendmail.hf		/etc/mail/helpfile
233/usr/share/lib/sendmail.hf	/etc/mail/helpfile
234/usr/share/misc/sendmail.hf	/etc/mail/helpfile
235/share/misc/sendmail.hf		/etc/mail/helpfile
236
237/etc/service.switch		/etc/mail/service.switch
238
239/etc/sendmail.st		/etc/mail/statistics
240/etc/mail/sendmail.st		/etc/mail/statistics
241/etc/mailer/sendmail.st		/etc/mail/statistics
242/etc/sendmail/sendmail.st	/etc/mail/statistics
243/usr/lib/sendmail.st		/etc/mail/statistics
244/usr/ucblib/sendmail.st		/etc/mail/statistics
245
246Note that all of these paths actually use a new m4 macro MAIL_SETTINGS_DIR
247to create the pathnames.  The default value of this variable is
248`/etc/mail/'.  If you set this macro to a different value, you MUST include
249a trailing slash.
250
251Notice: all filenames used in a .mc (or .cf) file should be absolute
252(starting at the root, i.e., with '/').  Relative filenames most
253likely cause surprises during operations (unless otherwise noted).
254
255
256+--------+
257| OSTYPE |
258+--------+
259
260You MUST define an operating system environment, or the configuration
261file build will puke.  There are several environments available; look
262at the "ostype" directory for the current list.  This macro changes
263things like the location of the alias file and queue directory.  Some
264of these files are identical to one another.
265
266It is IMPERATIVE that the OSTYPE occur before any MAILER definitions.
267In general, the OSTYPE macro should go immediately after any version
268information, and MAILER definitions should always go last.
269
270Operating system definitions are usually easy to write.  They may define
271the following variables (everything defaults, so an ostype file may be
272empty).  Unfortunately, the list of configuration-supported systems is
273not as broad as the list of source-supported systems, since many of
274the source contributors do not include corresponding ostype files.
275
276ALIAS_FILE		[/etc/mail/aliases] The location of the text version
277			of the alias file(s).  It can be a comma-separated
278			list of names (but be sure you quote values with
279			commas in them -- for example, use
280				define(`ALIAS_FILE', `a,b')
281			to get "a" and "b" both listed as alias files;
282			otherwise the define() primitive only sees "a").
283HELP_FILE		[/etc/mail/helpfile] The name of the file
284			containing information printed in response to
285			the SMTP HELP command.
286QUEUE_DIR		[/var/spool/mqueue] The directory containing
287			queue files.  To use multiple queues, supply
288			a value ending with an asterisk.  For
289			example, /var/spool/mqueue/qd* will use all of the
290			directories or symbolic links to directories
291			beginning with 'qd' in /var/spool/mqueue as queue
292			directories.  The names 'qf', 'df', and 'xf' are
293			reserved as specific subdirectories for the
294			corresponding queue file types as explained in
295			doc/op/op.me.  See also QUEUE GROUP DEFINITIONS.
296MSP_QUEUE_DIR		[/var/spool/clientmqueue] The directory containing
297			queue files for the MSP (Mail Submission Program).
298STATUS_FILE		[/etc/mail/statistics] The file containing status
299			information.
300LOCAL_MAILER_PATH	[/bin/mail] The program used to deliver local mail.
301LOCAL_MAILER_FLAGS	[Prmn9] The flags used by the local mailer.  The
302			flags lsDFMAw5:/|@q are always included.
303LOCAL_MAILER_ARGS	[mail -d $u] The arguments passed to deliver local
304			mail.
305LOCAL_MAILER_MAX	[undefined] If defined, the maximum size of local
306			mail that you are willing to accept.
307LOCAL_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
308			messages to deliver in a single connection.  Only
309			useful for LMTP local mailers.
310LOCAL_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
311			that ARRIVE from an address that resolves to the
312			local mailer and which are converted to MIME will be
313			labeled with this character set.
314LOCAL_MAILER_EOL	[undefined] If defined, the string to use as the
315			end of line for the local mailer.
316LOCAL_MAILER_DSN_DIAGNOSTIC_CODE
317			[X-Unix] The DSN Diagnostic-Code value for the
318			local mailer.  This should be changed with care.
319LOCAL_SHELL_PATH	[/bin/sh] The shell used to deliver piped email.
320LOCAL_SHELL_FLAGS	[eu9] The flags used by the shell mailer.  The
321			flags lsDFM are always included.
322LOCAL_SHELL_ARGS	[sh -c $u] The arguments passed to deliver "prog"
323			mail.
324LOCAL_SHELL_DIR		[$z:/] The directory search path in which the
325			shell should run.
326LOCAL_MAILER_QGRP	[undefined] The queue group for the local mailer.
327SMTP_MAILER_FLAGS	[undefined] Flags added to SMTP mailer.  Default
328			flags are `mDFMuX' for all SMTP-based mailers; the
329			"esmtp" mailer adds `a'; "smtp8" adds `8'; and
330			"dsmtp" adds `%'.
331RELAY_MAILER_FLAGS	[undefined] Flags added to the relay mailer.  Default
332			flags are `mDFMuX' for all SMTP-based mailers; the
333			relay mailer adds `a8'.  If this is not defined,
334			then SMTP_MAILER_FLAGS is used.
335SMTP_MAILER_MAX		[undefined] The maximum size of messages that will
336			be transported using the smtp, smtp8, esmtp, or dsmtp
337			mailers.
338SMTP_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
339			messages to deliver in a single connection for the
340			smtp, smtp8, esmtp, or dsmtp mailers.
341SMTP_MAILER_MAXRCPTS	[undefined] If defined, the maximum number of
342			recipients to deliver in a single connection for the
343			smtp, smtp8, esmtp, or dsmtp mailers.
344SMTP_MAILER_ARGS	[TCP $h] The arguments passed to the smtp mailer.
345			About the only reason you would want to change this
346			would be to change the default port.
347ESMTP_MAILER_ARGS	[TCP $h] The arguments passed to the esmtp mailer.
348SMTP8_MAILER_ARGS	[TCP $h] The arguments passed to the smtp8 mailer.
349DSMTP_MAILER_ARGS	[TCP $h] The arguments passed to the dsmtp mailer.
350RELAY_MAILER_ARGS	[TCP $h] The arguments passed to the relay mailer.
351SMTP_MAILER_QGRP	[undefined] The queue group for the smtp mailer.
352ESMTP_MAILER_QGRP	[undefined] The queue group for the esmtp mailer.
353SMTP8_MAILER_QGRP	[undefined] The queue group for the smtp8 mailer.
354DSMTP_MAILER_QGRP	[undefined] The queue group for the dsmtp mailer.
355RELAY_MAILER_QGRP	[undefined] The queue group for the relay mailer.
356RELAY_MAILER_MAXMSGS	[undefined] If defined, the maximum number of
357			messages to deliver in a single connection for the
358			relay mailer.
359SMTP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
360			that ARRIVE from an address that resolves to one of
361			the SMTP mailers and which are converted to MIME will
362			be labeled with this character set.
363UUCP_MAILER_PATH	[/usr/bin/uux] The program used to send UUCP mail.
364UUCP_MAILER_FLAGS	[undefined] Flags added to UUCP mailer.  Default
365			flags are `DFMhuU' (and `m' for uucp-new mailer,
366			minus `U' for uucp-dom mailer).
367UUCP_MAILER_ARGS	[uux - -r -z -a$g -gC $h!rmail ($u)] The arguments
368			passed to the UUCP mailer.
369UUCP_MAILER_MAX		[100000] The maximum size message accepted for
370			transmission by the UUCP mailers.
371UUCP_MAILER_CHARSET	[undefined] If defined, messages containing 8-bit data
372			that ARRIVE from an address that resolves to one of
373			the UUCP mailers and which are converted to MIME will
374			be labeled with this character set.
375UUCP_MAILER_QGRP	[undefined] The queue group for the UUCP mailers.
376PROCMAIL_MAILER_PATH	[/usr/local/bin/procmail] The path to the procmail
377			program.  This is also used by
378			FEATURE(`local_procmail').
379PROCMAIL_MAILER_FLAGS	[SPhnu9] Flags added to Procmail mailer.  Flags
380			DFM are always set.  This is NOT used by
381			FEATURE(`local_procmail'); tweak LOCAL_MAILER_FLAGS
382			instead.
383PROCMAIL_MAILER_ARGS	[procmail -Y -m $h $f $u] The arguments passed to
384			the Procmail mailer.  This is NOT used by
385			FEATURE(`local_procmail'); tweak LOCAL_MAILER_ARGS
386			instead.
387PROCMAIL_MAILER_MAX	[undefined] If set, the maximum size message that
388			will be accepted by the procmail mailer.
389PROCMAIL_MAILER_QGRP	[undefined] The queue group for the procmail mailer.
390confEBINDIR		[/usr/libexec] The directory for executables.
391			Currently used for FEATURE(`local_lmtp') and
392			FEATURE(`smrsh').
393LOCAL_PROG_QGRP		[undefined] The queue group for the prog mailer.
394
395Note: to tweak Name_MAILER_FLAGS use the macro MODIFY_MAILER_FLAGS:
396MODIFY_MAILER_FLAGS(`Name', `change') where Name is the first part of
397the macro Name_MAILER_FLAGS and change can be: flags that should
398be used directly (thus overriding the default value), or if it
399starts with `+' (`-') then those flags are added to (removed from)
400the default value.  Example:
401
402	MODIFY_MAILER_FLAGS(`LOCAL', `+e')
403
404will add the flag `e' to LOCAL_MAILER_FLAGS.  Notice: there are
405several smtp mailers all of which are manipulated individually.
406See the section MAILERS for the available mailer names.
407WARNING: The FEATUREs local_lmtp and local_procmail set LOCAL_MAILER_FLAGS
408unconditionally, i.e., without respecting any definitions in an
409OSTYPE setting.
410
411
412+---------+
413| DOMAINS |
414+---------+
415
416You will probably want to collect domain-dependent defines into one
417file, referenced by the DOMAIN macro.  For example, the Berkeley
418domain file includes definitions for several internal distinguished
419hosts:
420
421UUCP_RELAY	The host that will accept UUCP-addressed email.
422		If not defined, all UUCP sites must be directly
423		connected.
424BITNET_RELAY	The host that will accept BITNET-addressed email.
425		If not defined, the .BITNET pseudo-domain won't work.
426DECNET_RELAY	The host that will accept DECNET-addressed email.
427		If not defined, the .DECNET pseudo-domain and addresses
428		of the form node::user will not work.
429FAX_RELAY	The host that will accept mail to the .FAX pseudo-domain.
430		The "fax" mailer overrides this value.
431LOCAL_RELAY	The site that will handle unqualified names -- that
432		is, names without an @domain extension.
433		Normally MAIL_HUB is preferred for this function.
434		LOCAL_RELAY is mostly useful in conjunction with
435		FEATURE(`stickyhost') -- see the discussion of
436		stickyhost below.  If not set, they are assumed to
437		belong on this machine.  This allows you to have a
438		central site to store a company- or department-wide
439		alias database.  This only works at small sites,
440		and only with some user agents.
441LUSER_RELAY	The site that will handle lusers -- that is, apparently
442		local names that aren't local accounts or aliases.  To
443		specify a local user instead of a site, set this to
444		``local:username''.
445
446Any of these can be either ``mailer:hostname'' (in which case the
447mailer is the internal mailer name, such as ``uucp-new'' and the hostname
448is the name of the host as appropriate for that mailer) or just a
449``hostname'', in which case a default mailer type (usually ``relay'',
450a variant on SMTP) is used.  WARNING: if you have a wildcard MX
451record matching your domain, you probably want to define these to
452have a trailing dot so that you won't get the mail diverted back
453to yourself.
454
455The domain file can also be used to define a domain name, if needed
456(using "DD<domain>") and set certain site-wide features.  If all hosts
457at your site masquerade behind one email name, you could also use
458MASQUERADE_AS here.
459
460You do not have to define a domain -- in particular, if you are a
461single machine sitting off somewhere, it is probably more work than
462it's worth.  This is just a mechanism for combining "domain dependent
463knowledge" into one place.
464
465
466+---------+
467| MAILERS |
468+---------+
469
470There are fewer mailers supported in this version than the previous
471version, owing mostly to a simpler world.  As a general rule, put the
472MAILER definitions last in your .mc file.
473
474local		The local and prog mailers.  You will almost always
475		need these; the only exception is if you relay ALL
476		your mail to another site.  This mailer is included
477		automatically.
478
479smtp		The Simple Mail Transport Protocol mailer.  This does
480		not hide hosts behind a gateway or another other
481		such hack; it assumes a world where everyone is
482		running the name server.  This file actually defines
483		five mailers: "smtp" for regular (old-style) SMTP to
484		other servers, "esmtp" for extended SMTP to other
485		servers, "smtp8" to do SMTP to other servers without
486		converting 8-bit data to MIME (essentially, this is
487		your statement that you know the other end is 8-bit
488		clean even if it doesn't say so), "dsmtp" to do on
489		demand delivery, and "relay" for transmission to the
490		RELAY_HOST, LUSER_RELAY, or MAIL_HUB.
491
492uucp		The UNIX-to-UNIX Copy Program mailer.  Actually, this
493		defines two mailers, "uucp-old" (a.k.a. "uucp") and
494		"uucp-new" (a.k.a. "suucp").  The latter is for when you
495		know that the UUCP mailer at the other end can handle
496		multiple recipients in one transfer.  If the smtp mailer
497		is included in your configuration, two other mailers
498		("uucp-dom" and "uucp-uudom") are also defined [warning: you
499		MUST specify MAILER(`smtp') before MAILER(`uucp')].  When you
500		include the uucp mailer, sendmail looks for all names in
501		class {U} and sends them to the uucp-old mailer; all
502		names in class {Y} are sent to uucp-new; and all
503		names in class {Z} are sent to uucp-uudom.  Note that
504		this is a function of what version of rmail runs on
505		the receiving end, and hence may be out of your control.
506		See the section below describing UUCP mailers in more
507		detail.
508
509procmail	An interface to procmail (does not come with sendmail).
510		This is designed to be used in mailertables.  For example,
511		a common question is "how do I forward all mail for a given
512		domain to a single person?".  If you have this mailer
513		defined, you could set up a mailertable reading:
514
515			host.com	procmail:/etc/procmailrcs/host.com
516
517		with the file /etc/procmailrcs/host.com reading:
518
519			:0	# forward mail for host.com
520			! -oi -f $1 person@other.host
521
522		This would arrange for (anything)@host.com to be sent
523		to person@other.host.  In a procmail script, $1 is the
524		name of the sender and $2 is the name of the recipient.
525		If you use this with FEATURE(`local_procmail'), the FEATURE
526		should be listed first.
527
528		Of course there are other ways to solve this particular
529		problem, e.g., a catch-all entry in a virtusertable.
530
531The local mailer accepts addresses of the form "user+detail", where
532the "+detail" is not used for mailbox matching but is available
533to certain local mail programs (in particular, see
534FEATURE(`local_procmail')).  For example, "eric", "eric+sendmail", and
535"eric+sww" all indicate the same user, but additional arguments <null>,
536"sendmail", and "sww" may be provided for use in sorting mail.
537
538
539+----------+
540| FEATURES |
541+----------+
542
543Special features can be requested using the "FEATURE" macro.  For
544example, the .mc line:
545
546	FEATURE(`use_cw_file')
547
548tells sendmail that you want to have it read an /etc/mail/local-host-names
549file to get values for class {w}.  A FEATURE may contain up to 9
550optional parameters -- for example:
551
552	FEATURE(`mailertable', `dbm /usr/lib/mailertable')
553
554The default database map type for the table features can be set with
555
556	define(`DATABASE_MAP_TYPE', `dbm')
557
558which would set it to use ndbm databases.  The default is the Berkeley DB
559hash database format.  Note that you must still declare a database map type
560if you specify an argument to a FEATURE.  DATABASE_MAP_TYPE is only used
561if no argument is given for the FEATURE.  It must be specified before any
562feature that uses a map.
563
564Also, features which can take a map definition as an argument can also take
565the special keyword `LDAP'.  If that keyword is used, the map will use the
566LDAP definition described in the ``USING LDAP FOR ALIASES, MAPS, AND
567CLASSES'' section below.
568
569Available features are:
570
571use_cw_file	Read the file /etc/mail/local-host-names file to get
572		alternate names for this host.  This might be used if you
573		were on a host that MXed for a dynamic set of other hosts.
574		If the set is static, just including the line "Cw<name1>
575		<name2> ..." (where the names are fully qualified domain
576		names) is probably superior.  The actual filename can be
577		overridden by redefining confCW_FILE.
578
579use_ct_file	Read the file /etc/mail/trusted-users file to get the
580		names of users that will be ``trusted'', that is, able to
581		set their envelope from address using -f without generating
582		a warning message.  The actual filename can be overridden
583		by redefining confCT_FILE.
584
585redirect	Reject all mail addressed to "address.REDIRECT" with
586		a ``551 User has moved; please try <address>'' message.
587		If this is set, you can alias people who have left
588		to their new address with ".REDIRECT" appended.
589
590nouucp		Don't route UUCP addresses.  This feature takes one
591		parameter:
592		`reject': reject addresses which have "!" in the local
593			part unless it originates from a system
594			that is allowed to relay.
595		`nospecial': don't do anything special with "!".
596		Warnings: 1. See the notice in the anti-spam section.
597		2. don't remove "!" from OperatorChars if `reject' is
598		given as parameter.
599
600nocanonify	Don't pass addresses to $[ ... $] for canonification
601		by default, i.e., host/domain names are considered canonical,
602		except for unqualified names, which must not be used in this
603		mode (violation of the standard).  It can be changed by
604		setting the DaemonPortOptions modifiers (M=).  That is,
605		FEATURE(`nocanonify') will be overridden by setting the
606		'c' flag.  Conversely, if FEATURE(`nocanonify') is not used,
607		it can be emulated by setting the 'C' flag
608		(DaemonPortOptions=Modifiers=C).  This would generally only
609		be used by sites that only act as mail gateways or which have
610		user agents that do full canonification themselves.  You may
611		also want to use
612		"define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off
613		the usual resolver options that do a similar thing.
614
615		An exception list for FEATURE(`nocanonify') can be
616		specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
617		i.e., a list of domains which are nevertheless passed to
618		$[ ... $] for canonification.  This is useful to turn on
619		canonification for local domains, e.g., use
620		CANONIFY_DOMAIN(`my.domain my') to canonify addresses
621		which end in "my.domain" or "my".
622		Another way to require canonification in the local
623		domain is CANONIFY_DOMAIN(`$=m').
624
625		A trailing dot is added to addresses with more than
626		one component in it such that other features which
627		expect a trailing dot (e.g., virtusertable) will
628		still work.
629
630		If `canonify_hosts' is specified as parameter, i.e.,
631		FEATURE(`nocanonify', `canonify_hosts'), then
632		addresses which have only a hostname, e.g.,
633		<user@host>, will be canonified (and hopefully fully
634		qualified), too.
635
636stickyhost	This feature is sometimes used with LOCAL_RELAY,
637		although it can be used for a different effect with
638		MAIL_HUB.
639
640		When used without MAIL_HUB, email sent to
641		"user@local.host" are marked as "sticky" -- that
642		is, the local addresses aren't matched against UDB,
643		don't go through ruleset 5, and are not forwarded to
644		the LOCAL_RELAY (if defined).
645
646		With MAIL_HUB, mail addressed to "user@local.host"
647		is forwarded to the mail hub, with the envelope
648		address still remaining "user@local.host".
649		Without stickyhost, the envelope would be changed
650		to "user@mail_hub", in order to protect against
651		mailing loops.
652
653mailertable	Include a "mailer table" which can be used to override
654		routing for particular domains (which are not in class {w},
655		i.e.  local host names).  The argument of the FEATURE may be
656		the key definition.  If none is specified, the definition
657		used is:
658
659			hash /etc/mail/mailertable
660
661		Keys in this database are fully qualified domain names
662		or partial domains preceded by a dot -- for example,
663		"vangogh.CS.Berkeley.EDU" or ".CS.Berkeley.EDU".  As a
664		special case of the latter, "." matches any domain not
665		covered by other keys.  Values must be of the form:
666			mailer:domain
667		where "mailer" is the internal mailer name, and "domain"
668		is where to send the message.  These maps are not
669		reflected into the message header.  As a special case,
670		the forms:
671			local:user
672		will forward to the indicated user using the local mailer,
673			local:
674		will forward to the original user in the e-mail address
675		using the local mailer, and
676			error:code message
677			error:D.S.N:code message
678		will give an error message with the indicated SMTP reply
679		code and message, where D.S.N is an RFC 1893 compliant
680		error code.
681
682domaintable	Include a "domain table" which can be used to provide
683		domain name mapping.  Use of this should really be
684		limited to your own domains.  It may be useful if you
685		change names (e.g., your company changes names from
686		oldname.com to newname.com).  The argument of the
687		FEATURE may be the key definition.  If none is specified,
688		the definition used is:
689
690			hash /etc/mail/domaintable
691
692		The key in this table is the domain name; the value is
693		the new (fully qualified) domain.  Anything in the
694		domaintable is reflected into headers; that is, this
695		is done in ruleset 3.
696
697bitdomain	Look up bitnet hosts in a table to try to turn them into
698		internet addresses.  The table can be built using the
699		bitdomain program contributed by John Gardiner Myers.
700		The argument of the FEATURE may be the key definition; if
701		none is specified, the definition used is:
702
703			hash /etc/mail/bitdomain
704
705		Keys are the bitnet hostname; values are the corresponding
706		internet hostname.
707
708uucpdomain	Similar feature for UUCP hosts.  The default map definition
709		is:
710
711			hash /etc/mail/uudomain
712
713		At the moment there is no automagic tool to build this
714		database.
715
716always_add_domain
717		Include the local host domain even on locally delivered
718		mail.  Normally it is not added on unqualified names.
719		However, if you use a shared message store but do not use
720		the same user name space everywhere, you may need the host
721		name on local names.  An optional argument specifies
722		another domain to be added than the local.
723
724allmasquerade	If masquerading is enabled (using MASQUERADE_AS), this
725		feature will cause recipient addresses to also masquerade
726		as being from the masquerade host.  Normally they get
727		the local hostname.  Although this may be right for
728		ordinary users, it can break local aliases.  For example,
729		if you send to "localalias", the originating sendmail will
730		find that alias and send to all members, but send the
731		message with "To: localalias@masqueradehost".  Since that
732		alias likely does not exist, replies will fail.  Use this
733		feature ONLY if you can guarantee that the ENTIRE
734		namespace on your masquerade host supersets all the
735		local entries.
736
737limited_masquerade
738		Normally, any hosts listed in class {w} are masqueraded.  If
739		this feature is given, only the hosts listed in class {M} (see
740		below:  MASQUERADE_DOMAIN) are masqueraded.  This is useful
741		if you have several domains with disjoint namespaces hosted
742		on the same machine.
743
744masquerade_entire_domain
745		If masquerading is enabled (using MASQUERADE_AS) and
746		MASQUERADE_DOMAIN (see below) is set, this feature will
747		cause addresses to be rewritten such that the masquerading
748		domains are actually entire domains to be hidden.  All
749		hosts within the masquerading domains will be rewritten
750		to the masquerade name (used in MASQUERADE_AS).  For example,
751		if you have:
752
753			MASQUERADE_AS(`masq.com')
754			MASQUERADE_DOMAIN(`foo.org')
755			MASQUERADE_DOMAIN(`bar.com')
756
757		then *foo.org and *bar.com are converted to masq.com.  Without
758		this feature, only foo.org and bar.com are masqueraded.
759
760		    NOTE: only domains within your jurisdiction and
761		    current hierarchy should be masqueraded using this.
762
763local_no_masquerade
764		This feature prevents the local mailer from masquerading even
765		if MASQUERADE_AS is used.  MASQUERADE_AS will only have effect
766		on addresses of mail going outside the local domain.
767
768masquerade_envelope
769		If masquerading is enabled (using MASQUERADE_AS) or the
770		genericstable is in use, this feature will cause envelope
771		addresses to also masquerade as being from the masquerade
772		host.  Normally only the header addresses are masqueraded.
773
774genericstable	This feature will cause unqualified addresses (i.e., without
775		a domain) and addresses with a domain listed in class {G}
776		to be looked up in a map and turned into another ("generic")
777		form, which can change both the domain name and the user name.
778		Notice: if you use an MSP (as it is default starting with
779		8.12), the MTA will only receive qualified addresses from the
780		MSP (as required by the RFCs).  Hence you need to add your
781		domain to class {G}.  This feature is similar to the userdb
782		functionality.  The same types of addresses as for
783		masquerading are looked up, i.e., only header sender
784		addresses unless the allmasquerade and/or masquerade_envelope
785		features are given.  Qualified addresses must have the domain
786		part in class {G}; entries can be added to this class by the
787		macros GENERICS_DOMAIN or GENERICS_DOMAIN_FILE (analogously
788		to MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE, see below).
789
790		The argument of FEATURE(`genericstable') may be the map
791		definition; the default map definition is:
792
793			hash /etc/mail/genericstable
794
795		The key for this table is either the full address, the domain
796		(with a leading @; the localpart is passed as first argument)
797		or the unqualified username (tried in the order mentioned);
798		the value is the new user address.  If the new user address
799		does not include a domain, it will be qualified in the standard
800		manner, i.e., using $j or the masquerade name.  Note that the
801		address being looked up must be fully qualified.  For local
802		mail, it is necessary to use FEATURE(`always_add_domain')
803		for the addresses to be qualified.
804		The "+detail" of an address is passed as %1, so entries like
805
806			old+*@foo.org	new+%1@example.com
807			gen+*@foo.org	%1@example.com
808
809		and other forms are possible.
810
811generics_entire_domain
812		If the genericstable is enabled and GENERICS_DOMAIN or
813		GENERICS_DOMAIN_FILE is used, this feature will cause
814		addresses to be searched in the map if their domain
815		parts are subdomains of elements in class {G}.
816
817virtusertable	A domain-specific form of aliasing, allowing multiple
818		virtual domains to be hosted on one machine.  For example,
819		if the virtuser table contained:
820
821			info@foo.com	foo-info
822			info@bar.com	bar-info
823			joe@bar.com	error:nouser 550 No such user here
824			jax@bar.com	error:5.7.0:550 Address invalid
825			@baz.org	jane@example.net
826
827		then mail addressed to info@foo.com will be sent to the
828		address foo-info, mail addressed to info@bar.com will be
829		delivered to bar-info, and mail addressed to anyone at baz.org
830		will be sent to jane@example.net, mail to joe@bar.com will
831		be rejected with the specified error message, and mail to
832		jax@bar.com will also have a RFC 1893 compliant error code
833		5.7.0.
834
835		The username from the original address is passed
836		as %1 allowing:
837
838			@foo.org	%1@example.com
839
840		meaning someone@foo.org will be sent to someone@example.com.
841		Additionally, if the local part consists of "user+detail"
842		then "detail" is passed as %2 and "+detail" is passed as %3
843		when a match against user+* is attempted, so entries like
844
845			old+*@foo.org	new+%2@example.com
846			gen+*@foo.org	%2@example.com
847			+*@foo.org	%1%3@example.com
848			X++@foo.org	Z%3@example.com
849			@bar.org	%1%3
850
851		and other forms are possible.  Note: to preserve "+detail"
852		for a default case (@domain) %1%3 must be used as RHS.
853		There are two wildcards after "+": "+" matches only a non-empty
854		detail, "*" matches also empty details, e.g., user+@foo.org
855		matches +*@foo.org but not ++@foo.org.  This can be used
856		to ensure that the parameters %2 and %3 are not empty.
857
858		All the host names on the left hand side (foo.com, bar.com,
859		and baz.org) must be in class {w} or class {VirtHost}.  The
860		latter can be defined by the macros VIRTUSER_DOMAIN or
861		VIRTUSER_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
862		MASQUERADE_DOMAIN_FILE, see below).  If VIRTUSER_DOMAIN or
863		VIRTUSER_DOMAIN_FILE is used, then the entries of class
864		{VirtHost} are added to class {R}, i.e., relaying is allowed
865		to (and from) those domains.  The default map definition is:
866
867			hash /etc/mail/virtusertable
868
869		A new definition can be specified as the second argument of
870		the FEATURE macro, such as
871
872			FEATURE(`virtusertable', `dbm /etc/mail/virtusers')
873
874virtuser_entire_domain
875		If the virtusertable is enabled and VIRTUSER_DOMAIN or
876		VIRTUSER_DOMAIN_FILE is used, this feature will cause
877		addresses to be searched in the map if their domain
878		parts are subdomains of elements in class {VirtHost}.
879
880ldap_routing	Implement LDAP-based e-mail recipient routing according to
881		the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
882		This provides a method to re-route addresses with a
883		domain portion in class {LDAPRoute} to either a
884		different mail host or a different address.  Hosts can
885		be added to this class using LDAPROUTE_DOMAIN and
886		LDAPROUTE_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
887		MASQUERADE_DOMAIN_FILE, see below).
888
889		See the LDAP ROUTING section below for more information.
890
891nodns		If you aren't running DNS at your site (for example,
892		you are UUCP-only connected).  It's hard to consider
893		this a "feature", but hey, it had to go somewhere.
894		Actually, as of 8.7 this is a no-op -- remove "dns" from
895		the hosts service switch entry instead.
896
897nullclient	This is a special case -- it creates a configuration file
898		containing nothing but support for forwarding all mail to a
899		central hub via a local SMTP-based network.  The argument
900		is the name of that hub.
901
902		The only other feature that should be used in conjunction
903		with this one is FEATURE(`nocanonify').  No mailers
904		should be defined.  No aliasing or forwarding is done.
905
906local_lmtp	Use an LMTP capable local mailer.  The argument to this
907		feature is the pathname of an LMTP capable mailer.  By
908		default, mail.local is used.  This is expected to be the
909		mail.local which came with the 8.9 distribution which is
910		LMTP capable.  The path to mail.local is set by the
911		confEBINDIR m4 variable -- making the default
912		LOCAL_MAILER_PATH /usr/libexec/mail.local.
913		If a different LMTP capable mailer is used, its pathname
914		can be specified as second parameter and the arguments
915		passed to it (A=) as third parameter, e.g.,
916
917			FEATURE(`local_lmtp', `/usr/local/bin/lmtp', `lmtp')
918
919		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
920		i.e., without respecting any definitions in an OSTYPE setting.
921
922local_procmail	Use procmail or another delivery agent as the local mailer.
923		The argument to this feature is the pathname of the
924		delivery agent, which defaults to PROCMAIL_MAILER_PATH.
925		Note that this does NOT use PROCMAIL_MAILER_FLAGS or
926		PROCMAIL_MAILER_ARGS for the local mailer; tweak
927		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS instead, or
928		specify the appropriate parameters.  When procmail is used,
929		the local mailer can make use of the
930		"user+indicator@local.host" syntax; normally the +indicator
931		is just tossed, but by default it is passed as the -a
932		argument to procmail.
933
934		This feature can take up to three arguments:
935
936		1. Path to the mailer program
937		   [default: /usr/local/bin/procmail]
938		2. Argument vector including name of the program
939		   [default: procmail -Y -a $h -d $u]
940		3. Flags for the mailer [default: SPfhn9]
941
942		Empty arguments cause the defaults to be taken.
943		Note that if you are on a system with a broken
944		setreuid() call, you may need to add -f $f to the procmail
945		argument vector to pass the proper sender to procmail.
946
947		For example, this allows it to use the maildrop
948		(http://www.flounder.net/~mrsam/maildrop/) mailer instead
949		by specifying:
950
951		FEATURE(`local_procmail', `/usr/local/bin/maildrop',
952		 `maildrop -d $u')
953
954		or scanmails using:
955
956		FEATURE(`local_procmail', `/usr/local/bin/scanmails')
957
958		WARNING: This feature sets LOCAL_MAILER_FLAGS unconditionally,
959		i.e.,  without respecting any definitions in an OSTYPE setting.
960
961bestmx_is_local	Accept mail as though locally addressed for any host that
962		lists us as the best possible MX record.  This generates
963		additional DNS traffic, but should be OK for low to
964		medium traffic hosts.  The argument may be a set of
965		domains, which will limit the feature to only apply to
966		these domains -- this will reduce unnecessary DNS
967		traffic.  THIS FEATURE IS FUNDAMENTALLY INCOMPATIBLE WITH
968		WILDCARD MX RECORDS!!!  If you have a wildcard MX record
969		that matches your domain, you cannot use this feature.
970
971smrsh		Use the SendMail Restricted SHell (smrsh) provided
972		with the distribution instead of /bin/sh for mailing
973		to programs.  This improves the ability of the local
974		system administrator to control what gets run via
975		e-mail.  If an argument is provided it is used as the
976		pathname to smrsh; otherwise, the path defined by
977		confEBINDIR is used for the smrsh binary -- by default,
978		/usr/libexec/smrsh is assumed.
979
980promiscuous_relay
981		By default, the sendmail configuration files do not permit
982		mail relaying (that is, accepting mail from outside your
983		local host (class {w}) and sending it to another host than
984		your local host).  This option sets your site to allow
985		mail relaying from any site to any site.  In almost all
986		cases, it is better to control relaying more carefully
987		with the access map, class {R}, or authentication.  Domains
988		can be added to class {R} by the macros RELAY_DOMAIN or
989		RELAY_DOMAIN_FILE (analogously to MASQUERADE_DOMAIN and
990		MASQUERADE_DOMAIN_FILE, see below).
991
992relay_entire_domain
993		This option allows any host in your domain as defined by
994		class {m} to use your server for relaying.  Notice: make
995		sure that your domain is not just a top level domain,
996		e.g., com.  This can happen if you give your host a name
997		like example.com instead of host.example.com.
998
999relay_hosts_only
1000		By default, names that are listed as RELAY in the access
1001		db and class {R} are treated as domain names, not host names.
1002		For example, if you specify ``foo.com'', then mail to or
1003		from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
1004		will all be accepted for relaying.  This feature changes
1005		the behaviour to lookup individual host names only.
1006
1007relay_based_on_MX
1008		Turns on the ability to allow relaying based on the MX
1009		records of the host portion of an incoming recipient; that
1010		is, if an MX record for host foo.com points to your site,
1011		you will accept and relay mail addressed to foo.com.  See
1012		description below for more information before using this
1013		feature.  Also, see the KNOWNBUGS entry regarding bestmx
1014		map lookups.
1015
1016		FEATURE(`relay_based_on_MX') does not necessarily allow
1017		routing of these messages which you expect to be allowed,
1018		if route address syntax (or %-hack syntax) is used.  If
1019		this is a problem, add entries to the access-table or use
1020		FEATURE(`loose_relay_check').
1021
1022relay_mail_from
1023		Allows relaying if the mail sender is listed as RELAY in
1024		the access map.  If an optional argument `domain' (this
1025		is the literal word `domain', not a placeholder) is given,
1026		relaying can be allowed just based on the domain portion
1027		of the sender address.  This feature should only be used if
1028		absolutely necessary as the sender address can be easily
1029		forged.  Use of this feature requires the "From:" tag to
1030		be used for the key in the access map; see the discussion
1031		of tags and FEATURE(`relay_mail_from') in the section on
1032		anti-spam configuration control.
1033
1034relay_local_from
1035		Allows relaying if the domain portion of the mail sender
1036		is a local host.  This should only be used if absolutely
1037		necessary as it opens a window for spammers.  Specifically,
1038		they can send mail to your mail server that claims to be
1039		from your domain (either directly or via a routed address),
1040		and you will go ahead and relay it out to arbitrary hosts
1041		on the Internet.
1042
1043accept_unqualified_senders
1044		Normally, MAIL FROM: commands in the SMTP session will be
1045		refused if the connection is a network connection and the
1046		sender address does not include a domain name.  If your
1047		setup sends local mail unqualified (i.e., MAIL FROM: <joe>),
1048		you will need to use this feature to accept unqualified
1049		sender addresses.  Setting the DaemonPortOptions modifier
1050		'u' overrides the default behavior, i.e., unqualified
1051		addresses are accepted even without this FEATURE.
1052		If this FEATURE is not used, the DaemonPortOptions modifier
1053		'f' can be used to enforce fully qualified addresses.
1054
1055accept_unresolvable_domains
1056		Normally, MAIL FROM: commands in the SMTP session will be
1057		refused if the host part of the argument to MAIL FROM:
1058		cannot be located in the host name service (e.g., an A or
1059		MX record in DNS).  If you are inside a firewall that has
1060		only a limited view of the Internet host name space, this
1061		could cause problems.  In this case you probably want to
1062		use this feature to accept all domains on input, even if
1063		they are unresolvable.
1064
1065access_db	Turns on the access database feature.  The access db gives
1066		you the ability to allow or refuse to accept mail from
1067		specified domains for administrative reasons.  Moreover,
1068		it can control the behavior of sendmail in various situations.
1069		By default, the access database specification is:
1070
1071			hash -T<TMPF> /etc/mail/access
1072
1073		See the anti-spam configuration control section for further
1074		important information about this feature.  Notice:
1075		"-T<TMPF>" is meant literal, do not replace it by anything.
1076
1077blacklist_recipients
1078		Turns on the ability to block incoming mail for certain
1079		recipient usernames, hostnames, or addresses.  For
1080		example, you can block incoming mail to user nobody,
1081		host foo.mydomain.com, or guest@bar.mydomain.com.
1082		These specifications are put in the access db as
1083		described in the anti-spam configuration control section
1084		later in this document.
1085
1086delay_checks	The rulesets check_mail and check_relay will not be called
1087		when a client connects or issues a MAIL command, respectively.
1088		Instead, those rulesets will be called by the check_rcpt
1089		ruleset; they will be skipped under certain circumstances.
1090		See "Delay all checks" in the anti-spam configuration control
1091		section.  Note: this feature is incompatible to the versions
1092		in 8.10 and 8.11.
1093
1094use_client_ptr	If this feature is enabled then check_relay will override
1095		its first argument with $&{client_ptr}.  This is useful for
1096		rejections based on the unverified hostname of client,
1097		which turns on the same behavior as in earlier sendmail
1098		versions when delay_checks was not in use.  See doc/op/op.*
1099		about check_relay, {client_name}, and {client_ptr}.
1100
1101dnsbl		Turns on rejection of hosts found in an DNS based rejection
1102		list.  If an argument is provided it is used as the domain
1103		in which blocked hosts are listed; otherwise it defaults to
1104		blackholes.mail-abuse.org.  An explanation for an DNS based
1105		rejection list can be found at http://mail-abuse.org/rbl/.
1106		A second argument can be used to change the default error
1107		message.  Without that second argument, the error message
1108		will be
1109			Rejected: IP-ADDRESS listed at SERVER
1110		where IP-ADDRESS and SERVER are replaced by the appropriate
1111		information.  By default, temporary lookup failures are
1112		ignored.  This behavior can be changed by specifying a
1113		third argument, which must be either `t' or a full error
1114		message.  See the anti-spam configuration control section for
1115		an example.  The dnsbl feature can be included several times
1116		to query different DNS based rejection lists.  See also
1117		enhdnsbl for an enhanced version.
1118
1119		Set the DNSBL_MAP mc option to change the default map
1120		definition from `host'.  Set the DNSBL_MAP_OPT mc option
1121		to add additional options to the map specification used.
1122
1123		Some DNS based rejection lists cause failures if asked
1124		for AAAA records. If your sendmail version is compiled
1125		with IPv6 support (NETINET6) and you experience this
1126		problem, add
1127
1128			define(`DNSBL_MAP', `dns -R A')
1129
1130		before the first use of this feature.  Alternatively you
1131		can use enhdnsbl instead (see below).  Moreover, this
1132		statement can be used to reduce the number of DNS retries,
1133		e.g.,
1134
1135			define(`DNSBL_MAP', `dns -R A -r2')
1136
1137		See below (EDNSBL_TO) for an explanation.
1138
1139		NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
1140		is a service offered by the Mail Abuse Prevention System
1141		(MAPS).  As of July 31, 2001, MAPS is a subscription
1142		service, so using that network address won't work if you
1143		haven't subscribed.  Contact MAPS to subscribe
1144		(http://mail-abuse.org/).
1145
1146enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
1147		(up to 5) can be used to specify specific return values
1148		from lookups.  Temporary lookup failures are ignored unless
1149		a third argument is given, which must be either `t' or a full
1150		error message.  By default, any successful lookup will
1151		generate an error.  Otherwise the result of the lookup is
1152		compared with the supplied argument(s), and only if a match
1153		occurs an error is generated.  For example,
1154
1155		FEATURE(`enhdnsbl', `dnsbl.example.com', `', `t', `127.0.0.2.')
1156
1157		will reject the e-mail if the lookup returns the value
1158		``127.0.0.2.'', or generate a 451 response if the lookup
1159		temporarily failed.  The arguments can contain metasymbols
1160		as they are allowed in the LHS of rules.  As the example
1161		shows, the default values are also used if an empty argument,
1162		i.e., `', is specified.  This feature requires that sendmail
1163		has been compiled with the flag DNSMAP (see sendmail/README).
1164
1165		Set the EDNSBL_TO mc option to change the DNS retry count
1166		from the default value of 5, this can be very useful when
1167		a DNS server is not responding, which in turn may cause
1168		clients to time out (an entry stating
1169
1170			did not issue MAIL/EXPN/VRFY/ETRN
1171
1172		will be logged).
1173
1174ratecontrol	Enable simple ruleset to do connection rate control
1175		checking.  This requires entries in access_db of the form
1176
1177			ClientRate:IP.ADD.RE.SS		LIMIT
1178
1179		The RHS specifies the maximum number of connections
1180		(an integer number) over the time interval defined
1181		by ConnectionRateWindowSize, where 0 means unlimited.
1182
1183		Take the following example:
1184
1185			ClientRate:10.1.2.3		4
1186			ClientRate:127.0.0.1		0
1187			ClientRate:			10
1188
1189		10.1.2.3 can only make up to 4 connections, the
1190		general limit it 10, and 127.0.0.1 can make an unlimited
1191		number of connections per ConnectionRateWindowSize.
1192
1193		See also CONNECTION CONTROL.
1194
1195conncontrol	Enable a simple check of the number of incoming SMTP
1196		connections.  This requires entries in access_db of the
1197		form
1198
1199			ClientConn:IP.ADD.RE.SS		LIMIT
1200
1201		The RHS specifies the maximum number of open connections
1202		(an integer number).
1203
1204		Take the following example:
1205
1206			ClientConn:10.1.2.3		4
1207			ClientConn:127.0.0.1		0
1208			ClientConn:			10
1209
1210		10.1.2.3 can only have up to 4 open connections, the
1211		general limit it 10, and 127.0.0.1 does not have any
1212		explicit limit.
1213
1214		See also CONNECTION CONTROL.
1215
1216mtamark		Experimental support for "Marking Mail Transfer Agents in
1217		Reverse DNS with TXT RRs" (MTAMark), see
1218		draft-stumpf-dns-mtamark-01.  Optional arguments are:
1219
1220		1. Error message, default:
1221
1222			550 Rejected: $&{client_addr} not listed as MTA
1223
1224		2. Temporary lookup failures are ignored unless a second
1225		argument is given, which must be either `t' or a full
1226		error message.
1227
1228		3. Lookup prefix, default: _perm._smtp._srv.  This should
1229		not be changed unless the draft changes it.
1230
1231		Example:
1232
1233			FEATURE(`mtamark', `', `t')
1234
1235lookupdotdomain	Look up also .domain in the access map.  This allows to
1236		match only subdomains.  It does not work well with
1237		FEATURE(`relay_hosts_only'), because most lookups for
1238		subdomains are suppressed by the latter feature.
1239
1240loose_relay_check
1241		Normally, if % addressing is used for a recipient, e.g.
1242		user%site@othersite, and othersite is in class {R}, the
1243		check_rcpt ruleset will strip @othersite and recheck
1244		user@site for relaying.  This feature changes that
1245		behavior.  It should not be needed for most installations.
1246
1247preserve_luser_host
1248		Preserve the name of the recipient host if LUSER_RELAY is
1249		used.  Without this option, the domain part of the
1250		recipient address will be replaced by the host specified as
1251		LUSER_RELAY.  This feature only works if the hostname is
1252		passed to the mailer (see mailer triple in op.me).  Note
1253		that in the default configuration the local mailer does not
1254		receive the hostname, i.e., the mailer triple has an empty
1255		hostname.
1256
1257preserve_local_plus_detail
1258		Preserve the +detail portion of the address when passing
1259		address to local delivery agent.  Disables alias and
1260		.forward +detail stripping (e.g., given user+detail, only
1261		that address will be looked up in the alias file; user+* and
1262		user will not be looked up).  Only use if the local
1263		delivery agent in use supports +detail addressing.
1264
1265compat_check	Enable ruleset check_compat to look up pairs of addresses
1266		with the Compat: tag --	Compat:sender<@>recipient -- in the
1267		access map.  Valid values for the RHS include
1268			DISCARD	silently discard recipient
1269			TEMP:	return a temporary error
1270			ERROR:	return a permanent error
1271		In the last two cases, a 4xy/5xy SMTP reply code should
1272		follow the colon.
1273
1274no_default_msa	Don't generate the default MSA daemon, i.e.,
1275		DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')
1276		To define a MSA daemon with other parameters, use this
1277		FEATURE and introduce new settings via DAEMON_OPTIONS().
1278
1279msp		Defines config file for Message Submission Program.
1280		See cf/submit.mc for how
1281		to use it.  An optional argument can be used to override
1282		the default of `[localhost]' to use as host to send all
1283		e-mails to.  Note that MX records will be used if the
1284		specified hostname is not in square brackets (e.g.,
1285		[hostname]).  If `MSA' is specified as second argument then
1286		port 587 is used to contact the server.  Example:
1287
1288			FEATURE(`msp', `', `MSA')
1289
1290		Some more hints about possible changes can be found below
1291		in the section MESSAGE SUBMISSION PROGRAM.
1292
1293		Note: Due to many problems, submit.mc uses
1294
1295			FEATURE(`msp', `[127.0.0.1]')
1296
1297		by default.  If you have a machine with IPv6 only,
1298		change it to
1299
1300			FEATURE(`msp', `[IPv6:::1]')
1301
1302		If you want to continue using '[localhost]', (the behavior
1303		up to 8.12.6), use
1304
1305			FEATURE(`msp')
1306
1307queuegroup	A simple example how to select a queue group based
1308		on the full e-mail address or the domain of the
1309		recipient.  Selection is done via entries in the
1310		access map using the tag QGRP:, for example:
1311
1312			QGRP:example.com	main
1313			QGRP:friend@some.org	others
1314			QGRP:my.domain		local
1315
1316		where "main", "others", and "local" are names of
1317		queue groups.  If an argument is specified, it is used
1318		as default queue group.
1319
1320		Note: please read the warning in doc/op/op.me about
1321		queue groups and possible queue manipulations.
1322
1323greet_pause	Adds the greet_pause ruleset which enables open proxy
1324		and SMTP slamming protection.  The feature can take an
1325		argument specifying the milliseconds to wait:
1326
1327			FEATURE(`greet_pause', `5000')  dnl 5 seconds
1328
1329		If FEATURE(`access_db') is enabled, an access database
1330		lookup with the GreetPause tag is done using client
1331		hostname, domain, IP address, or subnet to determine the
1332		pause time:
1333
1334			GreetPause:my.domain	0
1335			GreetPause:example.com	5000
1336			GreetPause:10.1.2	2000
1337			GreetPause:127.0.0.1	0
1338
1339		When using FEATURE(`access_db'), the optional
1340		FEATURE(`greet_pause') argument becomes the default if
1341		nothing is found in the access database.  A ruleset called
1342		Local_greet_pause can be used for local modifications, e.g.,
1343
1344			LOCAL_RULESETS
1345			SLocal_greet_pause
1346			R$*		$: $&{daemon_flags}
1347			R$* a $*	$# 0
1348
1349+--------------------+
1350| USING UUCP MAILERS |
1351+--------------------+
1352
1353It's hard to get UUCP mailers right because of the extremely ad hoc
1354nature of UUCP addressing.  These config files are really designed
1355for domain-based addressing, even for UUCP sites.
1356
1357There are four UUCP mailers available.  The choice of which one to
1358use is partly a matter of local preferences and what is running at
1359the other end of your UUCP connection.  Unlike good protocols that
1360define what will go over the wire, UUCP uses the policy that you
1361should do what is right for the other end; if they change, you have
1362to change.  This makes it hard to do the right thing, and discourages
1363people from updating their software.  In general, if you can avoid
1364UUCP, please do.
1365
1366The major choice is whether to go for a domainized scheme or a
1367non-domainized scheme.  This depends entirely on what the other
1368end will recognize.  If at all possible, you should encourage the
1369other end to go to a domain-based system -- non-domainized addresses
1370don't work entirely properly.
1371
1372The four mailers are:
1373
1374    uucp-old (obsolete name: "uucp")
1375	This is the oldest, the worst (but the closest to UUCP) way of
1376	sending messages across UUCP connections.  It does bangify
1377	everything and prepends $U (your UUCP name) to the sender's
1378	address (which can already be a bang path itself).  It can
1379	only send to one address at a time, so it spends a lot of
1380	time copying duplicates of messages.  Avoid this if at all
1381	possible.
1382
1383    uucp-new (obsolete name: "suucp")
1384	The same as above, except that it assumes that in one rmail
1385	command you can specify several recipients.  It still has a
1386	lot of other problems.
1387
1388    uucp-dom
1389	This UUCP mailer keeps everything as domain addresses.
1390	Basically, it uses the SMTP mailer rewriting rules.  This mailer
1391	is only included if MAILER(`smtp') is specified before
1392	MAILER(`uucp').
1393
1394	Unfortunately, a lot of UUCP mailer transport agents require
1395	bangified addresses in the envelope, although you can use
1396	domain-based addresses in the message header.  (The envelope
1397	shows up as the From_ line on UNIX mail.)  So....
1398
1399    uucp-uudom
1400	This is a cross between uucp-new (for the envelope addresses)
1401	and uucp-dom (for the header addresses).  It bangifies the
1402	envelope sender (From_ line in messages) without adding the
1403	local hostname, unless there is no host name on the address
1404	at all (e.g., "wolf") or the host component is a UUCP host name
1405	instead of a domain name ("somehost!wolf" instead of
1406	"some.dom.ain!wolf").  This is also included only if MAILER(`smtp')
1407	is also specified earlier.
1408
1409Examples:
1410
1411On host grasp.insa-lyon.fr (UUCP host name "grasp"), the following
1412summarizes the sender rewriting for various mailers.
1413
1414Mailer		sender		rewriting in the envelope
1415------		------		-------------------------
1416uucp-{old,new}	wolf		grasp!wolf
1417uucp-dom	wolf		wolf@grasp.insa-lyon.fr
1418uucp-uudom	wolf		grasp.insa-lyon.fr!wolf
1419
1420uucp-{old,new}	wolf@fr.net	grasp!fr.net!wolf
1421uucp-dom	wolf@fr.net	wolf@fr.net
1422uucp-uudom	wolf@fr.net	fr.net!wolf
1423
1424uucp-{old,new}	somehost!wolf	grasp!somehost!wolf
1425uucp-dom	somehost!wolf	somehost!wolf@grasp.insa-lyon.fr
1426uucp-uudom	somehost!wolf	grasp.insa-lyon.fr!somehost!wolf
1427
1428If you are using one of the domainized UUCP mailers, you really want
1429to convert all UUCP addresses to domain format -- otherwise, it will
1430do it for you (and probably not the way you expected).  For example,
1431if you have the address foo!bar!baz (and you are not sending to foo),
1432the heuristics will add the @uucp.relay.name or @local.host.name to
1433this address.  However, if you map foo to foo.host.name first, it
1434will not add the local hostname.  You can do this using the uucpdomain
1435feature.
1436
1437
1438+-------------------+
1439| TWEAKING RULESETS |
1440+-------------------+
1441
1442For more complex configurations, you can define special rules.
1443The macro LOCAL_RULE_3 introduces rules that are used in canonicalizing
1444the names.  Any modifications made here are reflected in the header.
1445
1446A common use is to convert old UUCP addresses to SMTP addresses using
1447the UUCPSMTP macro.  For example:
1448
1449	LOCAL_RULE_3
1450	UUCPSMTP(`decvax',	`decvax.dec.com')
1451	UUCPSMTP(`research',	`research.att.com')
1452
1453will cause addresses of the form "decvax!user" and "research!user"
1454to be converted to "user@decvax.dec.com" and "user@research.att.com"
1455respectively.
1456
1457This could also be used to look up hosts in a database map:
1458
1459	LOCAL_RULE_3
1460	R$* < @ $+ > $*		$: $1 < @ $(hostmap $2 $) > $3
1461
1462This map would be defined in the LOCAL_CONFIG portion, as shown below.
1463
1464Similarly, LOCAL_RULE_0 can be used to introduce new parsing rules.
1465For example, new rules are needed to parse hostnames that you accept
1466via MX records.  For example, you might have:
1467
1468	LOCAL_RULE_0
1469	R$+ <@ host.dom.ain.>	$#uucp $@ cnmat $: $1 < @ host.dom.ain.>
1470
1471You would use this if you had installed an MX record for cnmat.Berkeley.EDU
1472pointing at this host; this rule catches the message and forwards it on
1473using UUCP.
1474
1475You can also tweak rulesets 1 and 2 using LOCAL_RULE_1 and LOCAL_RULE_2.
1476These rulesets are normally empty.
1477
1478A similar macro is LOCAL_CONFIG.  This introduces lines added after the
1479boilerplate option setting but before rulesets.  Do not declare rulesets in
1480the LOCAL_CONFIG section.  It can be used to declare local database maps or
1481whatever.  For example:
1482
1483	LOCAL_CONFIG
1484	Khostmap hash /etc/mail/hostmap
1485	Kyplocal nis -m hosts.byname
1486
1487
1488+---------------------------+
1489| MASQUERADING AND RELAYING |
1490+---------------------------+
1491
1492You can have your host masquerade as another using
1493
1494	MASQUERADE_AS(`host.domain')
1495
1496This causes mail being sent to be labeled as coming from the
1497indicated host.domain, rather than $j.  One normally masquerades as
1498one of one's own subdomains (for example, it's unlikely that
1499Berkeley would choose to masquerade as an MIT site).  This
1500behaviour is modified by a plethora of FEATUREs; in particular, see
1501masquerade_envelope, allmasquerade, limited_masquerade, and
1502masquerade_entire_domain.
1503
1504The masquerade name is not normally canonified, so it is important
1505that it be your One True Name, that is, fully qualified and not a
1506CNAME.  However, if you use a CNAME, the receiving side may canonify
1507it for you, so don't think you can cheat CNAME mapping this way.
1508
1509Normally the only addresses that are masqueraded are those that come
1510from this host (that is, are either unqualified or in class {w}, the list
1511of local domain names).  You can augment this list, which is realized
1512by class {M} using
1513
1514	MASQUERADE_DOMAIN(`otherhost.domain')
1515
1516The effect of this is that although mail to user@otherhost.domain
1517will not be delivered locally, any mail including any user@otherhost.domain
1518will, when relayed, be rewritten to have the MASQUERADE_AS address.
1519This can be a space-separated list of names.
1520
1521If these names are in a file, you can use
1522
1523	MASQUERADE_DOMAIN_FILE(`filename')
1524
1525to read the list of names from the indicated file (i.e., to add
1526elements to class {M}).
1527
1528To exempt hosts or subdomains from being masqueraded, you can use
1529
1530	MASQUERADE_EXCEPTION(`host.domain')
1531
1532This can come handy if you want to masquerade a whole domain
1533except for one (or a few) host(s).  If these names are in a file,
1534you can use
1535
1536	MASQUERADE_EXCEPTION_FILE(`filename')
1537
1538Normally only header addresses are masqueraded.  If you want to
1539masquerade the envelope as well, use
1540
1541	FEATURE(`masquerade_envelope')
1542
1543There are always users that need to be "exposed" -- that is, their
1544internal site name should be displayed instead of the masquerade name.
1545Root is an example (which has been "exposed" by default prior to 8.10).
1546You can add users to this list using
1547
1548	EXPOSED_USER(`usernames')
1549
1550This adds users to class {E}; you could also use
1551
1552	EXPOSED_USER_FILE(`filename')
1553
1554You can also arrange to relay all unqualified names (that is, names
1555without @host) to a relay host.  For example, if you have a central
1556email server, you might relay to that host so that users don't have
1557to have .forward files or aliases.  You can do this using
1558
1559	define(`LOCAL_RELAY', `mailer:hostname')
1560
1561The ``mailer:'' can be omitted, in which case the mailer defaults to
1562"relay".  There are some user names that you don't want relayed, perhaps
1563because of local aliases.  A common example is root, which may be
1564locally aliased.  You can add entries to this list using
1565
1566	LOCAL_USER(`usernames')
1567
1568This adds users to class {L}; you could also use
1569
1570	LOCAL_USER_FILE(`filename')
1571
1572If you want all incoming mail sent to a centralized hub, as for a
1573shared /var/spool/mail scheme, use
1574
1575	define(`MAIL_HUB', `mailer:hostname')
1576
1577Again, ``mailer:'' defaults to "relay".  If you define both LOCAL_RELAY
1578and MAIL_HUB _AND_ you have FEATURE(`stickyhost'), unqualified names will
1579be sent to the LOCAL_RELAY and other local names will be sent to MAIL_HUB.
1580Note: there is a (long standing) bug which keeps this combination from
1581working for addresses of the form user+detail.
1582Names in class {L} will be delivered locally, so you MUST have aliases or
1583.forward files for them.
1584
1585For example, if you are on machine mastodon.CS.Berkeley.EDU and you have
1586FEATURE(`stickyhost'), the following combinations of settings will have the
1587indicated effects:
1588
1589email sent to....	eric			  eric@mastodon.CS.Berkeley.EDU
1590
1591LOCAL_RELAY set to	mail.CS.Berkeley.EDU	  (delivered locally)
1592mail.CS.Berkeley.EDU	  (no local aliasing)	    (aliasing done)
1593
1594MAIL_HUB set to		mammoth.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1595mammoth.CS.Berkeley.EDU	  (aliasing done)	    (aliasing done)
1596
1597Both LOCAL_RELAY and	mail.CS.Berkeley.EDU	  mammoth.CS.Berkeley.EDU
1598MAIL_HUB set as above	  (no local aliasing)	    (aliasing done)
1599
1600If you do not have FEATURE(`stickyhost') set, then LOCAL_RELAY and
1601MAIL_HUB act identically, with MAIL_HUB taking precedence.
1602
1603If you want all outgoing mail to go to a central relay site, define
1604SMART_HOST as well.  Briefly:
1605
1606	LOCAL_RELAY applies to unqualified names (e.g., "eric").
1607	MAIL_HUB applies to names qualified with the name of the
1608		local host (e.g., "eric@mastodon.CS.Berkeley.EDU").
1609	SMART_HOST applies to names qualified with other hosts or
1610		bracketed addresses (e.g., "eric@mastodon.CS.Berkeley.EDU"
1611		or "eric@[127.0.0.1]").
1612
1613However, beware that other relays (e.g., UUCP_RELAY, BITNET_RELAY,
1614DECNET_RELAY, and FAX_RELAY) take precedence over SMART_HOST, so if you
1615really want absolutely everything to go to a single central site you will
1616need to unset all the other relays -- or better yet, find or build a
1617minimal config file that does this.
1618
1619For duplicate suppression to work properly, the host name is best
1620specified with a terminal dot:
1621
1622	define(`MAIL_HUB', `host.domain.')
1623	      note the trailing dot ---^
1624
1625
1626+-------------------------------------------+
1627| USING LDAP FOR ALIASES, MAPS, AND CLASSES |
1628+-------------------------------------------+
1629
1630LDAP can be used for aliases, maps, and classes by either specifying your
1631own LDAP map specification or using the built-in default LDAP map
1632specification.  The built-in default specifications all provide lookups
1633which match against either the machine's fully qualified hostname (${j}) or
1634a "cluster".  The cluster allows you to share LDAP entries among a large
1635number of machines without having to enter each of the machine names into
1636each LDAP entry.  To set the LDAP cluster name to use for a particular
1637machine or set of machines, set the confLDAP_CLUSTER m4 variable to a
1638unique name.  For example:
1639
1640	define(`confLDAP_CLUSTER', `Servers')
1641
1642Here, the word `Servers' will be the cluster name.  As an example, assume
1643that smtp.sendmail.org, etrn.sendmail.org, and mx.sendmail.org all belong
1644to the Servers cluster.
1645
1646Some of the LDAP LDIF examples below show use of the Servers cluster.
1647Every entry must have either a sendmailMTAHost or sendmailMTACluster
1648attribute or it will be ignored.  Be careful as mixing clusters and
1649individual host records can have surprising results (see the CAUTION
1650sections below).
1651
1652See the file cf/sendmail.schema for the actual LDAP schemas.  Note that
1653this schema (and therefore the lookups and examples below) is experimental
1654at this point as it has had little public review.  Therefore, it may change
1655in future versions.  Feedback via sendmail@sendmail.org is encouraged.
1656
1657-------
1658Aliases
1659-------
1660
1661The ALIAS_FILE (O AliasFile) option can be set to use LDAP for alias
1662lookups.  To use the default schema, simply use:
1663
1664	define(`ALIAS_FILE', `ldap:')
1665
1666By doing so, you will use the default schema which expands to a map
1667declared as follows:
1668
1669	ldap -k (&(objectClass=sendmailMTAAliasObject)
1670		  (sendmailMTAAliasGrouping=aliases)
1671		  (|(sendmailMTACluster=${sendmailMTACluster})
1672		    (sendmailMTAHost=$j))
1673		  (sendmailMTAKey=%0))
1674	     -v sendmailMTAAliasValue,sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,sendmailMTAAliasURL:URL:sendmailMTAAliasObject
1675
1676
1677NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1678used when the binary expands the `ldap:' token as the AliasFile option is
1679not actually macro-expanded when read from the sendmail.cf file.
1680
1681Example LDAP LDIF entries might be:
1682
1683	dn: sendmailMTAKey=sendmail-list, dc=sendmail, dc=org
1684	objectClass: sendmailMTA
1685	objectClass: sendmailMTAAlias
1686	objectClass: sendmailMTAAliasObject
1687	sendmailMTAAliasGrouping: aliases
1688	sendmailMTAHost: etrn.sendmail.org
1689	sendmailMTAKey: sendmail-list
1690	sendmailMTAAliasValue: ca@example.org
1691	sendmailMTAAliasValue: eric
1692	sendmailMTAAliasValue: gshapiro@example.com
1693
1694	dn: sendmailMTAKey=owner-sendmail-list, dc=sendmail, dc=org
1695	objectClass: sendmailMTA
1696	objectClass: sendmailMTAAlias
1697	objectClass: sendmailMTAAliasObject
1698	sendmailMTAAliasGrouping: aliases
1699	sendmailMTAHost: etrn.sendmail.org
1700	sendmailMTAKey: owner-sendmail-list
1701	sendmailMTAAliasValue: eric
1702
1703	dn: sendmailMTAKey=postmaster, dc=sendmail, dc=org
1704	objectClass: sendmailMTA
1705	objectClass: sendmailMTAAlias
1706	objectClass: sendmailMTAAliasObject
1707	sendmailMTAAliasGrouping: aliases
1708	sendmailMTACluster: Servers
1709	sendmailMTAKey: postmaster
1710	sendmailMTAAliasValue: eric
1711
1712Here, the aliases sendmail-list and owner-sendmail-list will be available
1713only on etrn.sendmail.org but the postmaster alias will be available on
1714every machine in the Servers cluster (including etrn.sendmail.org).
1715
1716CAUTION: aliases are additive so that entries like these:
1717
1718	dn: sendmailMTAKey=bob, dc=sendmail, dc=org
1719	objectClass: sendmailMTA
1720	objectClass: sendmailMTAAlias
1721	objectClass: sendmailMTAAliasObject
1722	sendmailMTAAliasGrouping: aliases
1723	sendmailMTACluster: Servers
1724	sendmailMTAKey: bob
1725	sendmailMTAAliasValue: eric
1726
1727	dn: sendmailMTAKey=bobetrn, dc=sendmail, dc=org
1728	objectClass: sendmailMTA
1729	objectClass: sendmailMTAAlias
1730	objectClass: sendmailMTAAliasObject
1731	sendmailMTAAliasGrouping: aliases
1732	sendmailMTAHost: etrn.sendmail.org
1733	sendmailMTAKey: bob
1734	sendmailMTAAliasValue: gshapiro
1735
1736would mean that on all of the hosts in the cluster, mail to bob would go to
1737eric EXCEPT on etrn.sendmail.org in which case it would go to BOTH eric and
1738gshapiro.
1739
1740If you prefer not to use the default LDAP schema for your aliases, you can
1741specify the map parameters when setting ALIAS_FILE.  For example:
1742
1743	define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(mail=%0)) -v mgrpRFC822MailMember')
1744
1745----
1746Maps
1747----
1748
1749FEATURE()'s which take an optional map definition argument (e.g., access,
1750mailertable, virtusertable, etc.) can instead take the special keyword
1751`LDAP', e.g.:
1752
1753	FEATURE(`access_db', `LDAP')
1754	FEATURE(`virtusertable', `LDAP')
1755
1756When this keyword is given, that map will use LDAP lookups consisting of
1757the objectClass sendmailMTAClassObject, the attribute sendmailMTAMapName
1758with the map name, a search attribute of sendmailMTAKey, and the value
1759attribute sendmailMTAMapValue.
1760
1761The values for sendmailMTAMapName are:
1762
1763	FEATURE()		sendmailMTAMapName
1764	---------		------------------
1765	access_db		access
1766	authinfo		authinfo
1767	bitdomain		bitdomain
1768	domaintable		domain
1769	genericstable		generics
1770	mailertable		mailer
1771	uucpdomain		uucpdomain
1772	virtusertable		virtuser
1773
1774For example, FEATURE(`mailertable', `LDAP') would use the map definition:
1775
1776	Kmailertable ldap -k (&(objectClass=sendmailMTAMapObject)
1777			       (sendmailMTAMapName=mailer)
1778			       (|(sendmailMTACluster=${sendmailMTACluster})
1779				 (sendmailMTAHost=$j))
1780			       (sendmailMTAKey=%0))
1781			  -1 -v sendmailMTAMapValue,sendmailMTAMapSearch:FILTER:sendmailMTAMapObject,sendmailMTAMapURL:URL:sendmailMTAMapObject
1782
1783An example LDAP LDIF entry using this map might be:
1784
1785	dn: sendmailMTAMapName=mailer, dc=sendmail, dc=org
1786	objectClass: sendmailMTA
1787	objectClass: sendmailMTAMap
1788	sendmailMTACluster: Servers
1789	sendmailMTAMapName: mailer
1790
1791	dn: sendmailMTAKey=example.com, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1792	objectClass: sendmailMTA
1793	objectClass: sendmailMTAMap
1794	objectClass: sendmailMTAMapObject
1795	sendmailMTAMapName: mailer
1796	sendmailMTACluster: Servers
1797	sendmailMTAKey: example.com
1798	sendmailMTAMapValue: relay:[smtp.example.com]
1799
1800CAUTION: If your LDAP database contains the record above and *ALSO* a host
1801specific record such as:
1802
1803	dn: sendmailMTAKey=example.com@etrn, sendmailMTAMapName=mailer, dc=sendmail, dc=org
1804	objectClass: sendmailMTA
1805	objectClass: sendmailMTAMap
1806	objectClass: sendmailMTAMapObject
1807	sendmailMTAMapName: mailer
1808	sendmailMTAHost: etrn.sendmail.org
1809	sendmailMTAKey: example.com
1810	sendmailMTAMapValue: relay:[mx.example.com]
1811
1812then these entries will give unexpected results.  When the lookup is done
1813on etrn.sendmail.org, the effect is that there is *NO* match at all as maps
1814require a single match.  Since the host etrn.sendmail.org is also in the
1815Servers cluster, LDAP would return two answers for the example.com map key
1816in which case sendmail would treat this as no match at all.
1817
1818If you prefer not to use the default LDAP schema for your maps, you can
1819specify the map parameters when using the FEATURE().  For example:
1820
1821	FEATURE(`access_db', `ldap:-1 -k (&(objectClass=mapDatabase)(key=%0)) -v value')
1822
1823-------
1824Classes
1825-------
1826
1827Normally, classes can be filled via files or programs.  As of 8.12, they
1828can also be filled via map lookups using a new syntax:
1829
1830	F{ClassName}mapkey@mapclass:mapspec
1831
1832mapkey is optional and if not provided the map key will be empty.  This can
1833be used with LDAP to read classes from LDAP.  Note that the lookup is only
1834done when sendmail is initially started.  Use the special value `@LDAP' to
1835use the default LDAP schema.  For example:
1836
1837	RELAY_DOMAIN_FILE(`@LDAP')
1838
1839would put all of the attribute sendmailMTAClassValue values of LDAP records
1840with objectClass sendmailMTAClass and an attribute sendmailMTAClassName of
1841'R' into class $={R}.  In other words, it is equivalent to the LDAP map
1842specification:
1843
1844	F{R}@ldap:-k (&(objectClass=sendmailMTAClass)
1845		       (sendmailMTAClassName=R)
1846		       (|(sendmailMTACluster=${sendmailMTACluster})
1847			 (sendmailMTAHost=$j)))
1848		  -v sendmailMTAClassValue,sendmailMTAClassSearch:FILTER:sendmailMTAClass,sendmailMTAClassURL:URL:sendmailMTAClass
1849
1850NOTE: The macros shown above ${sendmailMTACluster} and $j are not actually
1851used when the binary expands the `@LDAP' token as class declarations are
1852not actually macro-expanded when read from the sendmail.cf file.
1853
1854This can be used with class related commands such as RELAY_DOMAIN_FILE(),
1855MASQUERADE_DOMAIN_FILE(), etc:
1856
1857	Command				sendmailMTAClassName
1858	-------				--------------------
1859	CANONIFY_DOMAIN_FILE()		Canonify
1860	EXPOSED_USER_FILE()		E
1861	GENERICS_DOMAIN_FILE()		G
1862	LDAPROUTE_DOMAIN_FILE()		LDAPRoute
1863	LDAPROUTE_EQUIVALENT_FILE()	LDAPRouteEquiv
1864	LOCAL_USER_FILE()		L
1865	MASQUERADE_DOMAIN_FILE()	M
1866	MASQUERADE_EXCEPTION_FILE()	N
1867	RELAY_DOMAIN_FILE()		R
1868	VIRTUSER_DOMAIN_FILE()		VirtHost
1869
1870You can also add your own as any 'F'ile class of the form:
1871
1872	F{ClassName}@LDAP
1873	  ^^^^^^^^^
1874will use "ClassName" for the sendmailMTAClassName.
1875
1876An example LDAP LDIF entry would look like:
1877
1878	dn: sendmailMTAClassName=R, dc=sendmail, dc=org
1879	objectClass: sendmailMTA
1880	objectClass: sendmailMTAClass
1881	sendmailMTACluster: Servers
1882	sendmailMTAClassName: R
1883	sendmailMTAClassValue: sendmail.org
1884	sendmailMTAClassValue: example.com
1885	sendmailMTAClassValue: 10.56.23
1886
1887CAUTION: If your LDAP database contains the record above and *ALSO* a host
1888specific record such as:
1889
1890	dn: sendmailMTAClassName=R@etrn.sendmail.org, dc=sendmail, dc=org
1891	objectClass: sendmailMTA
1892	objectClass: sendmailMTAClass
1893	sendmailMTAHost: etrn.sendmail.org
1894	sendmailMTAClassName: R
1895	sendmailMTAClassValue: example.com
1896
1897the result will be similar to the aliases caution above.  When the lookup
1898is done on etrn.sendmail.org, $={R} would contain all of the entries (from
1899both the cluster match and the host match).  In other words, the effective
1900is additive.
1901
1902If you prefer not to use the default LDAP schema for your classes, you can
1903specify the map parameters when using the class command.  For example:
1904
1905	VIRTUSER_DOMAIN_FILE(`@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host')
1906
1907Remember, macros can not be used in a class declaration as the binary does
1908not expand them.
1909
1910
1911+--------------+
1912| LDAP ROUTING |
1913+--------------+
1914
1915FEATURE(`ldap_routing') can be used to implement the IETF Internet Draft
1916LDAP Schema for Intranet Mail Routing
1917(draft-lachman-laser-ldap-mail-routing-01).  This feature enables
1918LDAP-based rerouting of a particular address to either a different host
1919or a different address.  The LDAP lookup is first attempted on the full
1920address (e.g., user@example.com) and then on the domain portion
1921(e.g., @example.com).  Be sure to setup your domain for LDAP routing using
1922LDAPROUTE_DOMAIN(), e.g.:
1923
1924	LDAPROUTE_DOMAIN(`example.com')
1925
1926Additionally, you can specify equivalent domains for LDAP routing using
1927LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE().  'Equivalent'
1928hostnames are mapped to $M (the masqueraded hostname for the server) before
1929the LDAP query.  For example, if the mail is addressed to
1930user@host1.example.com, normally the LDAP lookup would only be done for
1931'user@host1.example.com' and '@host1.example.com'.   However, if
1932LDAPROUTE_EQUIVALENT(`host1.example.com') is used, the lookups would also be
1933done on 'user@example.com' and '@example.com' after attempting the
1934host1.example.com lookups.
1935
1936By default, the feature will use the schemas as specified in the draft
1937and will not reject addresses not found by the LDAP lookup.  However,
1938this behavior can be changed by giving additional arguments to the FEATURE()
1939command:
1940
1941 FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>,
1942		 <detail>, <nodomain>, <tempfail>)
1943
1944where <mailHost> is a map definition describing how to lookup an alternative
1945mail host for a particular address; <mailRoutingAddress> is a map definition
1946describing how to lookup an alternative address for a particular address;
1947the <bounce> argument, if present and not the word "passthru", dictates
1948that mail should be bounced if neither a mailHost nor mailRoutingAddress
1949is found, if set to "sendertoo", the sender will be rejected if not
1950found in LDAP; and <detail> indicates what actions to take if the address
1951contains +detail information -- `strip' tries the lookup with the +detail
1952and if no matches are found, strips the +detail and tries the lookup again;
1953`preserve', does the same as `strip' but if a mailRoutingAddress match is
1954found, the +detail information is copied to the new address; the <nodomain>
1955argument, if present, will prevent the @domain lookup if the full
1956address is not found in LDAP; the <tempfail> argument, if set to
1957"tempfail", instructs the rules to give an SMTP 4XX temporary
1958error if the LDAP server gives the MTA a temporary failure, or if set to
1959"queue" (the default), the MTA will locally queue the mail.
1960
1961The default <mailHost> map definition is:
1962
1963	ldap -1 -T<TMPF> -v mailHost -k (&(objectClass=inetLocalMailRecipient)
1964				 (mailLocalAddress=%0))
1965
1966The default <mailRoutingAddress> map definition is:
1967
1968	ldap -1 -T<TMPF> -v mailRoutingAddress
1969			 -k (&(objectClass=inetLocalMailRecipient)
1970			      (mailLocalAddress=%0))
1971
1972Note that neither includes the LDAP server hostname (-h server) or base DN
1973(-b o=org,c=COUNTRY), both necessary for LDAP queries.  It is presumed that
1974your .mc file contains a setting for the confLDAP_DEFAULT_SPEC option with
1975these settings.  If this is not the case, the map definitions should be
1976changed as described above.  The "-T<TMPF>" is required in any user
1977specified map definition to catch temporary errors.
1978
1979The following possibilities exist as a result of an LDAP lookup on an
1980address:
1981
1982	mailHost is	mailRoutingAddress is	Results in
1983	-----------	---------------------	----------
1984	set to a	set			mail delivered to
1985	"local" host				mailRoutingAddress
1986
1987	set to a	not set			delivered to
1988	"local" host				original address
1989
1990	set to a	set			mailRoutingAddress
1991	remote host				relayed to mailHost
1992
1993	set to a	not set			original address
1994	remote host				relayed to mailHost
1995
1996	not set		set			mail delivered to
1997						mailRoutingAddress
1998
1999	not set		not set			delivered to
2000						original address *OR*
2001						bounced as unknown user
2002
2003The term "local" host above means the host specified is in class {w}.  If
2004the result would mean sending the mail to a different host, that host is
2005looked up in the mailertable before delivery.
2006
2007Note that the last case depends on whether the third argument is given
2008to the FEATURE() command.  The default is to deliver the message to the
2009original address.
2010
2011The LDAP entries should be set up with an objectClass of
2012inetLocalMailRecipient and the address be listed in a mailLocalAddress
2013attribute.  If present, there must be only one mailHost attribute and it
2014must contain a fully qualified host name as its value.  Similarly, if
2015present, there must be only one mailRoutingAddress attribute and it must
2016contain an RFC 822 compliant address.  Some example LDAP records (in LDIF
2017format):
2018
2019	dn: uid=tom, o=example.com, c=US
2020	objectClass: inetLocalMailRecipient
2021	mailLocalAddress: tom@example.com
2022	mailRoutingAddress: thomas@mailhost.example.com
2023
2024This would deliver mail for tom@example.com to thomas@mailhost.example.com.
2025
2026	dn: uid=dick, o=example.com, c=US
2027	objectClass: inetLocalMailRecipient
2028	mailLocalAddress: dick@example.com
2029	mailHost: eng.example.com
2030
2031This would relay mail for dick@example.com to the same address but redirect
2032the mail to MX records listed for the host eng.example.com (unless the
2033mailertable overrides).
2034
2035	dn: uid=harry, o=example.com, c=US
2036	objectClass: inetLocalMailRecipient
2037	mailLocalAddress: harry@example.com
2038	mailHost: mktmail.example.com
2039	mailRoutingAddress: harry@mkt.example.com
2040
2041This would relay mail for harry@example.com to the MX records listed for
2042the host mktmail.example.com using the new address harry@mkt.example.com
2043when talking to that host.
2044
2045	dn: uid=virtual.example.com, o=example.com, c=US
2046	objectClass: inetLocalMailRecipient
2047	mailLocalAddress: @virtual.example.com
2048	mailHost: server.example.com
2049	mailRoutingAddress: virtual@example.com
2050
2051This would send all mail destined for any username @virtual.example.com to
2052the machine server.example.com's MX servers and deliver to the address
2053virtual@example.com on that relay machine.
2054
2055
2056+---------------------------------+
2057| ANTI-SPAM CONFIGURATION CONTROL |
2058+---------------------------------+
2059
2060The primary anti-spam features available in sendmail are:
2061
2062* Relaying is denied by default.
2063* Better checking on sender information.
2064* Access database.
2065* Header checks.
2066
2067Relaying (transmission of messages from a site outside your host (class
2068{w}) to another site except yours) is denied by default.  Note that this
2069changed in sendmail 8.9; previous versions allowed relaying by default.
2070If you really want to revert to the old behaviour, you will need to use
2071FEATURE(`promiscuous_relay').  You can allow certain domains to relay
2072through your server by adding their domain name or IP address to class
2073{R} using RELAY_DOMAIN() and RELAY_DOMAIN_FILE() or via the access database
2074(described below).  Note that IPv6 addresses must be prefaced with "IPv6:".
2075The file consists (like any other file based class) of entries listed on
2076separate lines, e.g.,
2077
2078	sendmail.org
2079	128.32
2080	IPv6:2002:c0a8:02c7
2081	IPv6:2002:c0a8:51d2::23f4
2082	host.mydomain.com
2083	[UNIX:localhost]
2084
2085Notice: the last entry allows relaying for connections via a UNIX
2086socket to the MTA/MSP.  This might be necessary if your configuration
2087doesn't allow relaying by other means in that case, e.g., by having
2088localhost.$m in class {R} (make sure $m is not just a top level
2089domain).
2090
2091If you use
2092
2093	FEATURE(`relay_entire_domain')
2094
2095then any host in any of your local domains (that is, class {m})
2096will be relayed (that is, you will accept mail either to or from any
2097host in your domain).
2098
2099You can also allow relaying based on the MX records of the host
2100portion of an incoming recipient address by using
2101
2102	FEATURE(`relay_based_on_MX')
2103
2104For example, if your server receives a recipient of user@domain.com
2105and domain.com lists your server in its MX records, the mail will be
2106accepted for relay to domain.com.  This feature may cause problems
2107if MX lookups for the recipient domain are slow or time out.  In that
2108case, mail will be temporarily rejected.  It is usually better to
2109maintain a list of hosts/domains for which the server acts as relay.
2110Note also that this feature will stop spammers from using your host
2111to relay spam but it will not stop outsiders from using your server
2112as a relay for their site (that is, they set up an MX record pointing
2113to your mail server, and you will relay mail addressed to them
2114without any prior arrangement).  Along the same lines,
2115
2116	FEATURE(`relay_local_from')
2117
2118will allow relaying if the sender specifies a return path (i.e.
2119MAIL FROM: <user@domain>) domain which is a local domain.  This is a
2120dangerous feature as it will allow spammers to spam using your mail
2121server by simply specifying a return address of user@your.domain.com.
2122It should not be used unless absolutely necessary.
2123A slightly better solution is
2124
2125	FEATURE(`relay_mail_from')
2126
2127which allows relaying if the mail sender is listed as RELAY in the
2128access map.  If an optional argument `domain' (this is the literal
2129word `domain', not a placeholder) is given, the domain portion of
2130the mail sender is also checked to allowing relaying.  This option
2131only works together with the tag From: for the LHS of the access
2132map entries.  This feature allows spammers to abuse your mail server
2133by specifying a return address that you enabled in your access file.
2134This may be harder to figure out for spammers, but it should not
2135be used unless necessary.  Instead use STARTTLS to
2136allow relaying for roaming users.
2137
2138
2139If source routing is used in the recipient address (e.g.,
2140RCPT TO: <user%site.com@othersite.com>), sendmail will check
2141user@site.com for relaying if othersite.com is an allowed relay host
2142in either class {R}, class {m} if FEATURE(`relay_entire_domain') is used,
2143or the access database if FEATURE(`access_db') is used.  To prevent
2144the address from being stripped down, use:
2145
2146	FEATURE(`loose_relay_check')
2147
2148If you think you need to use this feature, you probably do not.  This
2149should only be used for sites which have no control over the addresses
2150that they provide a gateway for.  Use this FEATURE with caution as it
2151can allow spammers to relay through your server if not setup properly.
2152
2153NOTICE: It is possible to relay mail through a system which the anti-relay
2154rules do not prevent: the case of a system that does use FEATURE(`nouucp',
2155`nospecial') (system A) and relays local messages to a mail hub (e.g., via
2156LOCAL_RELAY or LUSER_RELAY) (system B).  If system B doesn't use
2157FEATURE(`nouucp') at all, addresses of the form
2158<example.net!user@local.host> would be relayed to <user@example.net>.
2159System A doesn't recognize `!' as an address separator and therefore
2160forwards it to the mail hub which in turns relays it because it came from
2161a trusted local host.  So if a mailserver allows UUCP (bang-format)
2162addresses, all systems from which it allows relaying should do the same
2163or reject those addresses.
2164
2165As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has
2166an unresolvable domain (i.e., one that DNS, your local name service,
2167or special case rules in ruleset 3 cannot locate).  This also applies
2168to addresses that use domain literals, e.g., <user@[1.2.3.4]>, if the
2169IP address can't be mapped to a host name.  If you want to continue
2170to accept such domains, e.g., because you are inside a firewall that
2171has only a limited view of the Internet host name space (note that you
2172will not be able to return mail to them unless you have some "smart
2173host" forwarder), use
2174
2175	FEATURE(`accept_unresolvable_domains')
2176
2177Alternatively, you can allow specific addresses by adding them to
2178the access map, e.g.,
2179
2180	From:unresolvable.domain	OK
2181	From:[1.2.3.4]			OK
2182	From:[1.2.4]			OK
2183
2184Notice: domains which are temporarily unresolvable are (temporarily)
2185rejected with a 451 reply code.  If those domains should be accepted
2186(which is discouraged) then you can use
2187
2188	LOCAL_CONFIG
2189	C{ResOk}TEMP
2190
2191sendmail will also refuse mail if the MAIL FROM: parameter is not
2192fully qualified (i.e., contains a domain as well as a user).  If you
2193want to continue to accept such senders, use
2194
2195	FEATURE(`accept_unqualified_senders')
2196
2197Setting the DaemonPortOptions modifier 'u' overrides the default behavior,
2198i.e., unqualified addresses are accepted even without this FEATURE.  If
2199this FEATURE is not used, the DaemonPortOptions modifier 'f' can be used
2200to enforce fully qualified domain names.
2201
2202An ``access'' database can be created to accept or reject mail from
2203selected domains.  For example, you may choose to reject all mail
2204originating from known spammers.  To enable such a database, use
2205
2206	FEATURE(`access_db')
2207
2208Notice: the access database is applied to the envelope addresses
2209and the connection information, not to the header.
2210
2211The FEATURE macro can accept as second parameter the key file
2212definition for the database; for example
2213
2214	FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map')
2215
2216Notice: If a second argument is specified it must contain the option
2217`-T<TMPF>' as shown above.  The optional third and fourth parameters
2218may be `skip' or `lookupdotdomain'.  The former enables SKIP as
2219value part (see below), the latter is another way to enable the
2220feature of the same name (see above).
2221
2222Remember, since /etc/mail/access is a database, after creating the text
2223file as described below, you must use makemap to create the database
2224map.  For example:
2225
2226	makemap hash /etc/mail/access < /etc/mail/access
2227
2228The table itself uses e-mail addresses, domain names, and network
2229numbers as keys.  Note that IPv6 addresses must be prefaced with "IPv6:".
2230For example,
2231
2232	From:spammer@aol.com			REJECT
2233	From:cyberspammer.com			REJECT
2234	Connect:cyberspammer.com		REJECT
2235	Connect:TLD				REJECT
2236	Connect:192.168.212			REJECT
2237	Connect:IPv6:2002:c0a8:02c7		RELAY
2238	Connect:IPv6:2002:c0a8:51d2::23f4	REJECT
2239
2240would refuse mail from spammer@aol.com, any user from cyberspammer.com
2241(or any host within the cyberspammer.com domain), any host in the entire
2242top level domain TLD, 192.168.212.* network, and the IPv6 address
22432002:c0a8:51d2::23f4.  It would allow relay for the IPv6 network
22442002:c0a8:02c7::/48.
2245
2246Entries in the access map should be tagged according to their type.
2247Three tags are available:
2248
2249	Connect:	connection information (${client_addr}, ${client_name})
2250	From:		envelope sender
2251	To:		envelope recipient
2252
2253Notice: untagged entries are deprecated.
2254
2255If the required item is looked up in a map, it will be tried first
2256with the corresponding tag in front, then (as fallback to enable
2257backward compatibility) without any tag, unless the specific feature
2258requires a tag.  For example,
2259
2260	From:spammer@some.dom	REJECT
2261	To:friend.domain	RELAY
2262	Connect:friend.domain	OK
2263	Connect:from.domain	RELAY
2264	From:good@another.dom	OK
2265	From:another.dom	REJECT
2266
2267This would deny mails from spammer@some.dom but you could still
2268send mail to that address even if FEATURE(`blacklist_recipients')
2269is enabled.  Your system will allow relaying to friend.domain, but
2270not from it (unless enabled by other means).  Connections from that
2271domain will be allowed even if it ends up in one of the DNS based
2272rejection lists.  Relaying is enabled from from.domain but not to
2273it (since relaying is based on the connection information for
2274outgoing relaying, the tag Connect: must be used; for incoming
2275relaying, which is based on the recipient address, To: must be
2276used).  The last two entries allow mails from good@another.dom but
2277reject mail from all other addresses with another.dom as domain
2278part.
2279
2280
2281The value part of the map can contain:
2282
2283	OK		Accept mail even if other rules in the running
2284			ruleset would reject it, for example, if the domain
2285			name is unresolvable.  "Accept" does not mean
2286			"relay", but at most acceptance for local
2287			recipients.  That is, OK allows less than RELAY.
2288	RELAY		Accept mail addressed to the indicated domain or
2289			received from the indicated domain for relaying
2290			through your SMTP server.  RELAY also serves as
2291			an implicit OK for the other checks.
2292	REJECT		Reject the sender or recipient with a general
2293			purpose message.
2294	DISCARD		Discard the message completely using the
2295			$#discard mailer.  If it is used in check_compat,
2296			it affects only the designated recipient, not
2297			the whole message as it does in all other cases.
2298			This should only be used if really necessary.
2299	SKIP		This can only be used for host/domain names
2300			and IP addresses/nets.  It will abort the current
2301			search for this entry without accepting or rejecting
2302			it but causing the default action.
2303	### any text	where ### is an RFC 821 compliant error code and
2304			"any text" is a message to return for the command.
2305			The string should be quoted to avoid surprises,
2306			e.g., sendmail may remove spaces otherwise.
2307			This type is deprecated, use one of the two
2308			ERROR:  entries below instead.
2309	ERROR:### any text
2310			as above, but useful to mark error messages as such.
2311	ERROR:D.S.N:### any text
2312			where D.S.N is an RFC 1893 compliant error code
2313			and the rest as above.
2314	QUARANTINE:any text
2315			Quarantine the message using the given text as the
2316			quarantining reason.
2317
2318For example:
2319
2320	From:cyberspammer.com	ERROR:"550 We don't accept mail from spammers"
2321	From:okay.cyberspammer.com	OK
2322	Connect:sendmail.org		RELAY
2323	To:sendmail.org			RELAY
2324	Connect:128.32			RELAY
2325	Connect:128.32.2		SKIP
2326	Connect:IPv6:1:2:3:4:5:6:7	RELAY
2327	Connect:suspicious.example.com	QUARANTINE:Mail from suspicious host
2328	Connect:[127.0.0.3]		OK
2329	Connect:[IPv6:1:2:3:4:5:6:7:8]	OK
2330
2331would accept mail from okay.cyberspammer.com, but would reject mail
2332from all other hosts at cyberspammer.com with the indicated message.
2333It would allow relaying mail from and to any hosts in the sendmail.org
2334domain, and allow relaying from the IPv6 1:2:3:4:5:6:7:* network
2335and from the 128.32.*.* network except for the 128.32.2.* network,
2336which shows how SKIP is useful to exempt subnets/subdomains.  The
2337last two entries are for checks against ${client_name} if the IP
2338address doesn't resolve to a hostname (or is considered as "may be
2339forged").  That is, using square brackets means these are host
2340names, not network numbers.
2341
2342Warning: if you change the RFC 821 compliant error code from the default
2343value of 550, then you should probably also change the RFC 1893 compliant
2344error code to match it.  For example, if you use
2345
2346	To:user@example.com	ERROR:450 mailbox full
2347
2348the error returned would be "450 5.0.0 mailbox full" which is wrong.
2349Use "ERROR:4.2.2:450 mailbox full" instead.
2350
2351Note, UUCP users may need to add hostname.UUCP to the access database
2352or class {R}.
2353
2354If you also use:
2355
2356	FEATURE(`relay_hosts_only')
2357
2358then the above example will allow relaying for sendmail.org, but not
2359hosts within the sendmail.org domain.  Note that this will also require
2360hosts listed in class {R} to be fully qualified host names.
2361
2362You can also use the access database to block sender addresses based on
2363the username portion of the address.  For example:
2364
2365	From:FREE.STEALTH.MAILER@	ERROR:550 Spam not accepted
2366
2367Note that you must include the @ after the username to signify that
2368this database entry is for checking only the username portion of the
2369sender address.
2370
2371If you use:
2372
2373	FEATURE(`blacklist_recipients')
2374
2375then you can add entries to the map for local users, hosts in your
2376domains, or addresses in your domain which should not receive mail:
2377
2378	To:badlocaluser@	ERROR:550 Mailbox disabled for badlocaluser
2379	To:host.my.TLD		ERROR:550 That host does not accept mail
2380	To:user@other.my.TLD	ERROR:550 Mailbox disabled for this recipient
2381
2382This would prevent a recipient of badlocaluser in any of the local
2383domains (class {w}), any user at host.my.TLD, and the single address
2384user@other.my.TLD from receiving mail.  Please note: a local username
2385must be now tagged with an @ (this is consistent with the check of
2386the sender address, and hence it is possible to distinguish between
2387hostnames and usernames).  Enabling this feature will keep you from
2388sending mails to all addresses that have an error message or REJECT
2389as value part in the access map.  Taking the example from above:
2390
2391	spammer@aol.com		REJECT
2392	cyberspammer.com	REJECT
2393
2394Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
2395That's why tagged entries should be used.
2396
2397There are several DNS based blacklists, the first of which was
2398the RBL (``Realtime Blackhole List'') run by the MAPS project,
2399see http://mail-abuse.org/.  These are databases of spammers
2400maintained in DNS.  To use such a database, specify
2401
2402	FEATURE(`dnsbl')
2403
2404This will cause sendmail to reject mail from any site in the original
2405Realtime Blackhole List database.  This default DNS blacklist,
2406blackholes.mail-abuse.org, is a service offered by the Mail Abuse
2407Prevention System (MAPS).  As of July 31, 2001, MAPS is a subscription
2408service, so using that network address won't work if you haven't
2409subscribed.  Contact MAPS to subscribe (http://mail-abuse.org/).
2410
2411You can specify an alternative RBL server to check by specifying an
2412argument to the FEATURE.  The default error message is
2413
2414	Rejected: IP-ADDRESS listed at SERVER
2415
2416where IP-ADDRESS and SERVER are replaced by the appropriate
2417information.  A second argument can be used to specify a different
2418text.  By default, temporary lookup failures are ignored and hence
2419cause the connection not to be rejected by the DNS based rejection
2420list.  This behavior can be changed by specifying a third argument,
2421which must be either `t' or a full error message.  For example:
2422
2423	FEATURE(`dnsbl', `dnsbl.example.com', `',
2424	`"451 Temporary lookup failure for " $&{client_addr} " in dnsbl.example.com"')
2425
2426If `t' is used, the error message is:
2427
2428	451 Temporary lookup failure of IP-ADDRESS at SERVER
2429
2430where IP-ADDRESS and SERVER are replaced by the appropriate
2431information.
2432
2433This FEATURE can be included several times to query different
2434DNS based rejection lists, e.g., the dial-up user list (see
2435http://mail-abuse.org/dul/).
2436
2437Notice: to avoid checking your own local domains against those
2438blacklists, use the access_db feature and add:
2439
2440	Connect:10.1		OK
2441	Connect:127.0.0.1	RELAY
2442
2443to the access map, where 10.1 is your local network.  You may
2444want to use "RELAY" instead of "OK" to allow also relaying
2445instead of just disabling the DNS lookups in the blacklists.
2446
2447
2448The features described above make use of the check_relay, check_mail,
2449and check_rcpt rulesets.  Note that check_relay checks the SMTP
2450client hostname and IP address when the connection is made to your
2451server.  It does not check if a mail message is being relayed to
2452another server.  That check is done in check_rcpt.  If you wish to
2453include your own checks, you can put your checks in the rulesets
2454Local_check_relay, Local_check_mail, and Local_check_rcpt.  For
2455example if you wanted to block senders with all numeric usernames
2456(i.e. 2312343@bigisp.com), you would use Local_check_mail and the
2457regex map:
2458
2459	LOCAL_CONFIG
2460	Kallnumbers regex -a@MATCH ^[0-9]+$
2461
2462	LOCAL_RULESETS
2463	SLocal_check_mail
2464	# check address against various regex checks
2465	R$*				$: $>Parse0 $>3 $1
2466	R$+ < @ bigisp.com. > $*	$: $(allnumbers $1 $)
2467	R@MATCH				$#error $: 553 Header Error
2468
2469These rules are called with the original arguments of the corresponding
2470check_* ruleset.  If the local ruleset returns $#OK, no further checking
2471is done by the features described above and the mail is accepted.  If
2472the local ruleset resolves to a mailer (such as $#error or $#discard),
2473the appropriate action is taken.  Other results starting with $# are
2474interpreted by sendmail and may lead to unspecified behavior.  Note: do
2475NOT create a mailer with the name OK.  Return values that do not start
2476with $# are ignored, i.e., normal processing continues.
2477
2478Delay all checks
2479----------------
2480
2481By using FEATURE(`delay_checks') the rulesets check_mail and check_relay
2482will not be called when a client connects or issues a MAIL command,
2483respectively.  Instead, those rulesets will be called by the check_rcpt
2484ruleset; they will be skipped if a sender has been authenticated using
2485a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH().
2486If check_mail returns an error then the RCPT TO command will be rejected
2487with that error.  If it returns some other result starting with $# then
2488check_relay will be skipped.  If the sender address (or a part of it) is
2489listed in the access map and it has a RHS of OK or RELAY, then check_relay
2490will be skipped.  This has an interesting side effect: if your domain is
2491my.domain and you have
2492
2493	my.domain	RELAY
2494
2495in the access map, then any e-mail with a sender address of
2496<user@my.domain> will not be rejected by check_relay even though
2497it would match the hostname or IP address.  This allows spammers
2498to get around DNS based blacklist by faking the sender address.  To
2499avoid this problem you have to use tagged entries:
2500
2501	To:my.domain		RELAY
2502	Connect:my.domain	RELAY
2503
2504if you need those entries at all (class {R} may take care of them).
2505
2506FEATURE(`delay_checks') can take an optional argument:
2507
2508	FEATURE(`delay_checks', `friend')
2509		 enables spamfriend test
2510	FEATURE(`delay_checks', `hater')
2511		 enables spamhater test
2512
2513If such an argument is given, the recipient will be looked up in the
2514access map (using the tag Spam:).  If the argument is `friend', then
2515the default behavior is to apply the other rulesets and make a SPAM
2516friend the exception.  The rulesets check_mail and check_relay will be
2517skipped only if the recipient address is found and has RHS FRIEND.  If
2518the argument is `hater', then the default behavior is to skip the rulesets
2519check_mail and check_relay and make a SPAM hater the exception.  The
2520other two rulesets will be applied only if the recipient address is
2521found and has RHS HATER.
2522
2523This allows for simple exceptions from the tests, e.g., by activating
2524the friend option and having
2525
2526	Spam:abuse@	FRIEND
2527
2528in the access map, mail to abuse@localdomain will get through (where
2529"localdomain" is any domain in class {w}).  It is also possible to
2530specify a full address or an address with +detail:
2531
2532	Spam:abuse@my.domain	FRIEND
2533	Spam:me+abuse@		FRIEND
2534	Spam:spam.domain	FRIEND
2535
2536Note: The required tag has been changed in 8.12 from To: to Spam:.
2537This change is incompatible to previous versions.  However, you can
2538(for now) simply add the new entries to the access map, the old
2539ones will be ignored.  As soon as you removed the old entries from
2540the access map, specify a third parameter (`n') to this feature and
2541the backward compatibility rules will not be in the generated .cf
2542file.
2543
2544Header Checks
2545-------------
2546
2547You can also reject mail on the basis of the contents of headers.
2548This is done by adding a ruleset call to the 'H' header definition command
2549in sendmail.cf.  For example, this can be used to check the validity of
2550a Message-ID: header:
2551
2552	LOCAL_CONFIG
2553	HMessage-Id: $>CheckMessageId
2554
2555	LOCAL_RULESETS
2556	SCheckMessageId
2557	R< $+ @ $+ >		$@ OK
2558	R$*			$#error $: 553 Header Error
2559
2560The alternative format:
2561
2562	HSubject: $>+CheckSubject
2563
2564that is, $>+ instead of $>, gives the full Subject: header including
2565comments to the ruleset (comments in parentheses () are stripped
2566by default).
2567
2568A default ruleset for headers which don't have a specific ruleset
2569defined for them can be given by:
2570
2571	H*: $>CheckHdr
2572
2573Notice:
25741. All rules act on tokens as explained in doc/op/op.{me,ps,txt}.
2575That may cause problems with simple header checks due to the
2576tokenization.  It might be simpler to use a regex map and apply it
2577to $&{currHeader}.
25782. There are no default rulesets coming with this distribution of
2579sendmail.  You can either write your own or you can search the
2580WWW for examples, e.g.,  http://www.digitalanswers.org/check_local/
25813. When using a default ruleset for headers, the name of the header
2582currently being checked can be found in the $&{hdr_name} macro.
2583
2584After all of the headers are read, the check_eoh ruleset will be called for
2585any final header-related checks.  The ruleset is called with the number of
2586headers and the size of all of the headers in bytes separated by $|.  One
2587example usage is to reject messages which do not have a Message-Id:
2588header.  However, the Message-Id: header is *NOT* a required header and is
2589not a guaranteed spam indicator.  This ruleset is an example and should
2590probably not be used in production.
2591
2592	LOCAL_CONFIG
2593	Kstorage macro
2594	HMessage-Id: $>CheckMessageId
2595
2596	LOCAL_RULESETS
2597	SCheckMessageId
2598	# Record the presence of the header
2599	R$*			$: $(storage {MessageIdCheck} $@ OK $) $1
2600	R< $+ @ $+ >		$@ OK
2601	R$*			$#error $: 553 Header Error
2602
2603	Scheck_eoh
2604	# Check the macro
2605	R$*			$: < $&{MessageIdCheck} >
2606	# Clear the macro for the next message
2607	R$*			$: $(storage {MessageIdCheck} $) $1
2608	# Has a Message-Id: header
2609	R< $+ >			$@ OK
2610	# Allow missing Message-Id: from local mail
2611	R$*			$: < $&{client_name} >
2612	R< >			$@ OK
2613	R< $=w >		$@ OK
2614	# Otherwise, reject the mail
2615	R$*			$#error $: 553 Header Error
2616
2617
2618+--------------------+
2619| CONNECTION CONTROL |
2620+--------------------+
2621
2622The features ratecontrol and conncontrol allow to establish connection
2623limits per client IP address or net.  These features can limit the
2624rate of connections (connections per time unit) or the number of
2625incoming SMTP connections, respectively.  If enabled, appropriate
2626rulesets are called at the end of check_relay, i.e., after DNS
2627blacklists and generic access_db operations.  The features require
2628FEATURE(`access_db') to be listed earlier in the mc file.
2629
2630Note: FEATURE(`delay_checks') delays those connection control checks
2631after a recipient address has been received, hence making these
2632connection control features less useful.  To run the checks as early
2633as possible, specify the parameter `nodelay', e.g.,
2634
2635	FEATURE(`ratecontrol', `nodelay')
2636
2637In that case, FEATURE(`delay_checks') has no effect on connection
2638control (and it must be specified earlier in the mc file).
2639
2640An optional second argument `terminate' specifies whether the
2641rulesets should return the error code 421 which will cause
2642sendmail to terminate the session with that error if it is
2643returned from check_relay, i.e., not delayed as explained in
2644the previous paragraph.  Example:
2645
2646	FEATURE(`ratecontrol', `nodelay', `terminate')
2647
2648
2649+----------+
2650| STARTTLS |
2651+----------+
2652
2653In this text, cert will be used as an abbreviation for X.509 certificate,
2654DN (CN) is the distinguished (common) name of a cert, and CA is a
2655certification authority, which signs (issues) certs.
2656
2657For STARTTLS to be offered by sendmail you need to set at least
2658these variables (the file names and paths are just examples):
2659
2660	define(`confCACERT_PATH', `/etc/mail/certs/')
2661	define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
2662	define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
2663	define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')
2664
2665On systems which do not have the compile flag HASURANDOM set (see
2666sendmail/README) you also must set confRAND_FILE.
2667
2668See doc/op/op.{me,ps,txt} for more information about these options,
2669especially the sections ``Certificates for STARTTLS'' and ``PRNG for
2670STARTTLS''.
2671
2672Macros related to STARTTLS are:
2673
2674${cert_issuer} holds the DN of the CA (the cert issuer).
2675${cert_subject} holds the DN of the cert (called the cert subject).
2676${cn_issuer} holds the CN of the CA (the cert issuer).
2677${cn_subject} holds the CN of the cert (called the cert subject).
2678${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1,
2679	TLSv1/SSLv3, SSLv3, SSLv2.
2680${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
2681	EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
2682${cipher_bits} the keylength (in bits) of the symmetric encryption algorithm
2683	used for the connection.
2684${verify} holds the result of the verification of the presented cert.
2685	Possible values are:
2686	OK	 verification succeeded.
2687	NO	 no cert presented.
2688	NOT	 no cert requested.
2689	FAIL	 cert presented but could not be verified,
2690		 e.g., the cert of the signing CA is missing.
2691	NONE	 STARTTLS has not been performed.
2692	TEMP	 temporary error occurred.
2693	PROTOCOL protocol error occurred (SMTP level).
2694	SOFTWARE STARTTLS handshake failed.
2695${server_name} the name of the server of the current outgoing SMTP
2696	connection.
2697${server_addr} the address of the server of the current outgoing SMTP
2698	connection.
2699
2700Relaying
2701--------
2702
2703SMTP STARTTLS can allow relaying for remote SMTP clients which have
2704successfully authenticated themselves.  If the verification of the cert
2705failed (${verify} != OK), relaying is subject to the usual rules.
2706Otherwise the DN of the issuer is looked up in the access map using the
2707tag CERTISSUER.  If the resulting value is RELAY, relaying is allowed.
2708If it is SUBJECT, the DN of the cert subject is looked up next in the
2709access map using the tag CERTSUBJECT.  If the value is RELAY, relaying
2710is allowed.
2711
2712To make things a bit more flexible (or complicated), the values for
2713${cert_issuer} and ${cert_subject} can be optionally modified by regular
2714expressions defined in the m4 variables _CERT_REGEX_ISSUER_ and
2715_CERT_REGEX_SUBJECT_, respectively.  To avoid problems with those macros in
2716rulesets and map lookups, they are modified as follows: each non-printable
2717character and the characters '<', '>', '(', ')', '"', '+', ' ' are replaced
2718by their HEX value with a leading '+'.  For example:
2719
2720/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/Email=
2721darth+cert@endmail.org
2722
2723is encoded as:
2724
2725/C=US/ST=California/O=endmail.org/OU=private/CN=
2726Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2727
2728(line breaks have been inserted for readability).
2729
2730The  macros  which are subject to this encoding are ${cert_subject},
2731${cert_issuer},  ${cn_subject},  and ${cn_issuer}.
2732
2733Examples:
2734
2735To allow relaying for everyone who can present a cert signed by
2736
2737/C=US/ST=California/O=endmail.org/OU=private/CN=
2738Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2739
2740simply use:
2741
2742CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2743Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	RELAY
2744
2745To allow relaying only for a subset of machines that have a cert signed by
2746
2747/C=US/ST=California/O=endmail.org/OU=private/CN=
2748Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
2749
2750use:
2751
2752CertIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=
2753Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org	SUBJECT
2754CertSubject:/C=US/ST=California/O=endmail.org/OU=private/CN=
2755DeathStar/Email=deathstar@endmail.org		RELAY
2756
2757Notes:
2758- line breaks have been inserted after "CN=" for readability,
2759  each tagged entry must be one (long) line in the access map.
2760- if OpenSSL 0.9.7 or newer is used then the "Email=" part of a DN
2761  is replaced by "emailAddress=".
2762
2763Of course it is also possible to write a simple ruleset that allows
2764relaying for everyone who can present a cert that can be verified, e.g.,
2765
2766LOCAL_RULESETS
2767SLocal_check_rcpt
2768R$*	$: $&{verify}
2769ROK	$# OK
2770
2771Allowing Connections
2772--------------------
2773
2774The rulesets tls_server, tls_client, and tls_rcpt are used to decide whether
2775an SMTP connection is accepted (or should continue).
2776
2777tls_server is called when sendmail acts as client after a STARTTLS command
2778(should) have been issued.  The parameter is the value of ${verify}.
2779
2780tls_client is called when sendmail acts as server, after a STARTTLS command
2781has been issued, and from check_mail.  The parameter is the value of
2782${verify} and STARTTLS or MAIL, respectively.
2783
2784Both rulesets behave the same.  If no access map is in use, the connection
2785will be accepted unless ${verify} is SOFTWARE, in which case the connection
2786is always aborted.  For tls_server/tls_client, ${client_name}/${server_name}
2787is looked up in the access map using the tag TLS_Srv/TLS_Clt, which is done
2788with the ruleset LookUpDomain.  If no entry is found, ${client_addr}
2789(${server_addr}) is looked up in the access map (same tag, ruleset
2790LookUpAddr).  If this doesn't result in an entry either, just the tag is
2791looked up in the access map (included the trailing colon).  Notice:
2792requiring that e-mail is sent to a server only encrypted, e.g., via
2793
2794TLS_Srv:secure.domain	ENCR:112
2795
2796doesn't necessarily mean that e-mail sent to that domain is encrypted.
2797If the domain has multiple MX servers, e.g.,
2798
2799secure.domain.	IN MX 10	mail.secure.domain.
2800secure.domain.	IN MX 50	mail.other.domain.
2801
2802then mail to user@secure.domain may go unencrypted to mail.other.domain.
2803tls_rcpt can be used to address this problem.
2804
2805tls_rcpt is called before a RCPT TO: command is sent.  The parameter is the
2806current recipient.  This ruleset is only defined if FEATURE(`access_db')
2807is selected.  A recipient address user@domain is looked up in the access
2808map in four formats: TLS_Rcpt:user@domain, TLS_Rcpt:user@, TLS_Rcpt:domain,
2809and TLS_Rcpt:; the first match is taken.
2810
2811The result of the lookups is then used to call the ruleset TLS_connection,
2812which checks the requirement specified by the RHS in the access map against
2813the actual parameters of the current TLS connection, esp. ${verify} and
2814${cipher_bits}.  Legal RHSs in the access map are:
2815
2816VERIFY		verification must have succeeded
2817VERIFY:bits	verification must have succeeded and ${cipher_bits} must
2818		be greater than or equal bits.
2819ENCR:bits	${cipher_bits} must be greater than or equal bits.
2820
2821The RHS can optionally be prefixed by TEMP+ or PERM+ to select a temporary
2822or permanent error.  The default is a temporary error code (403 4.7.0)
2823unless the macro TLS_PERM_ERR is set during generation of the .cf file.
2824
2825If a certain level of encryption is required, then it might also be
2826possible that this level is provided by the security layer from a SASL
2827algorithm, e.g., DIGEST-MD5.
2828
2829Furthermore, there can be a list of extensions added.  Such a list
2830starts with '+' and the items are separated by '++'.  Allowed
2831extensions are:
2832
2833CN:name		name must match ${cn_subject}
2834CN		${server_name} must match ${cn_subject}
2835CS:name		name must match ${cert_subject}
2836CI:name		name must match ${cert_issuer}
2837
2838Example: e-mail sent to secure.example.com should only use an encrypted
2839connection.  E-mail received from hosts within the laptop.example.com domain
2840should only be accepted if they have been authenticated.  The host which
2841receives e-mail for darth@endmail.org must present a cert that uses the
2842CN smtp.endmail.org.
2843
2844TLS_Srv:secure.example.com      ENCR:112
2845TLS_Clt:laptop.example.com      PERM+VERIFY:112
2846TLS_Rcpt:darth@endmail.org	ENCR:112+CN:smtp.endmail.org
2847
2848
2849Disabling STARTTLS And Setting SMTP Server Features
2850---------------------------------------------------
2851
2852By default STARTTLS is used whenever possible.  However, there are
2853some broken MTAs that don't properly implement STARTTLS.  To be able
2854to send to (or receive from) those MTAs, the ruleset try_tls
2855(srv_features) can be used that work together with the access map.
2856Entries for the access map must be tagged with Try_TLS (Srv_Features)
2857and refer to the hostname or IP address of the connecting system.
2858A default case can be specified by using just the tag.  For example,
2859the following entries in the access map:
2860
2861	Try_TLS:broken.server	NO
2862	Srv_Features:my.domain	v
2863	Srv_Features:		V
2864
2865will turn off STARTTLS when sending to broken.server (or any host
2866in that domain), and request a client certificate during the TLS
2867handshake only for hosts in my.domain.  The valid entries on the RHS
2868for Srv_Features are listed in the Sendmail Installation and
2869Operations Guide.
2870
2871
2872Received: Header
2873----------------
2874
2875The Received: header reveals whether STARTTLS has been used.  It contains an
2876extra line:
2877
2878(version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})
2879
2880
2881+--------------------------------+
2882| ADDING NEW MAILERS OR RULESETS |
2883+--------------------------------+
2884
2885Sometimes you may need to add entirely new mailers or rulesets.  They
2886should be introduced with the constructs MAILER_DEFINITIONS and
2887LOCAL_RULESETS respectively.  For example:
2888
2889	MAILER_DEFINITIONS
2890	Mmymailer, ...
2891	...
2892
2893	LOCAL_RULESETS
2894	Smyruleset
2895	...
2896
2897Note: you don't need to add a name for the ruleset, it is implicitly
2898defined by using the appropriate macro.
2899
2900
2901+-------------------------+
2902| ADDING NEW MAIL FILTERS |
2903+-------------------------+
2904
2905Sendmail supports mail filters to filter incoming SMTP messages according
2906to the "Sendmail Mail Filter API" documentation.  These filters can be
2907configured in your mc file using the two commands:
2908
2909	MAIL_FILTER(`name', `equates')
2910	INPUT_MAIL_FILTER(`name', `equates')
2911
2912The first command, MAIL_FILTER(), simply defines a filter with the given
2913name and equates.  For example:
2914
2915	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2916
2917This creates the equivalent sendmail.cf entry:
2918
2919	Xarchive, S=local:/var/run/archivesock, F=R
2920
2921The INPUT_MAIL_FILTER() command performs the same actions as MAIL_FILTER
2922but also populates the m4 variable `confINPUT_MAIL_FILTERS' with the name
2923of the filter such that the filter will actually be called by sendmail.
2924
2925For example, the two commands:
2926
2927	INPUT_MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2928	INPUT_MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2929
2930are equivalent to the three commands:
2931
2932	MAIL_FILTER(`archive', `S=local:/var/run/archivesock, F=R')
2933	MAIL_FILTER(`spamcheck', `S=inet:2525@localhost, F=T')
2934	define(`confINPUT_MAIL_FILTERS', `archive, spamcheck')
2935
2936In general, INPUT_MAIL_FILTER() should be used unless you need to define
2937more filters than you want to use for `confINPUT_MAIL_FILTERS'.
2938
2939Note that setting `confINPUT_MAIL_FILTERS' after any INPUT_MAIL_FILTER()
2940commands will clear the list created by the prior INPUT_MAIL_FILTER()
2941commands.
2942
2943
2944+-------------------------+
2945| QUEUE GROUP DEFINITIONS |
2946+-------------------------+
2947
2948In addition to the queue directory (which is the default queue group
2949called "mqueue"), sendmail can deal with multiple queue groups, which
2950are collections of queue directories with the same behaviour.  Queue
2951groups can be defined using the command:
2952
2953	QUEUE_GROUP(`name', `equates')
2954
2955For details about queue groups, please see doc/op/op.{me,ps,txt}.
2956
2957+-------------------------------+
2958| NON-SMTP BASED CONFIGURATIONS |
2959+-------------------------------+
2960
2961These configuration files are designed primarily for use by
2962SMTP-based sites.  They may not be well tuned for UUCP-only or
2963UUCP-primarily nodes (the latter is defined as a small local net
2964connected to the rest of the world via UUCP).  However, there is
2965one hook to handle some special cases.
2966
2967You can define a ``smart host'' that understands a richer address syntax
2968using:
2969
2970	define(`SMART_HOST', `mailer:hostname')
2971
2972In this case, the ``mailer:'' defaults to "relay".  Any messages that
2973can't be handled using the usual UUCP rules are passed to this host.
2974
2975If you are on a local SMTP-based net that connects to the outside
2976world via UUCP, you can use LOCAL_NET_CONFIG to add appropriate rules.
2977For example:
2978
2979	define(`SMART_HOST', `uucp-new:uunet')
2980	LOCAL_NET_CONFIG
2981	R$* < @ $* .$m. > $*	$#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
2982
2983This will cause all names that end in your domain name ($m) to be sent
2984via SMTP; anything else will be sent via uucp-new (smart UUCP) to uunet.
2985If you have FEATURE(`nocanonify'), you may need to omit the dots after
2986the $m.  If you are running a local DNS inside your domain which is
2987not otherwise connected to the outside world, you probably want to
2988use:
2989
2990	define(`SMART_HOST', `smtp:fire.wall.com')
2991	LOCAL_NET_CONFIG
2992	R$* < @ $* . > $*	$#smtp $@ $2. $: $1 < @ $2. > $3
2993
2994That is, send directly only to things you found in your DNS lookup;
2995anything else goes through SMART_HOST.
2996
2997You may need to turn off the anti-spam rules in order to accept
2998UUCP mail with FEATURE(`promiscuous_relay') and
2999FEATURE(`accept_unresolvable_domains').
3000
3001
3002+-----------+
3003| WHO AM I? |
3004+-----------+
3005
3006Normally, the $j macro is automatically defined to be your fully
3007qualified domain name (FQDN).  Sendmail does this by getting your
3008host name using gethostname and then calling gethostbyname on the
3009result.  For example, in some environments gethostname returns
3010only the root of the host name (such as "foo"); gethostbyname is
3011supposed to return the FQDN ("foo.bar.com").  In some (fairly rare)
3012cases, gethostbyname may fail to return the FQDN.  In this case
3013you MUST define confDOMAIN_NAME to be your fully qualified domain
3014name.  This is usually done using:
3015
3016	Dmbar.com
3017	define(`confDOMAIN_NAME', `$w.$m')dnl
3018
3019
3020+-----------------------------------+
3021| ACCEPTING MAIL FOR MULTIPLE NAMES |
3022+-----------------------------------+
3023
3024If your host is known by several different names, you need to augment
3025class {w}.  This is a list of names by which your host is known, and
3026anything sent to an address using a host name in this list will be
3027treated as local mail.  You can do this in two ways:  either create the
3028file /etc/mail/local-host-names containing a list of your aliases (one per
3029line), and use ``FEATURE(`use_cw_file')'' in the .mc file, or add
3030``LOCAL_DOMAIN(`alias.host.name')''.  Be sure you use the fully-qualified
3031name of the host, rather than a short name.
3032
3033If you want to have different address in different domains, take
3034a look at the virtusertable feature, which is also explained at
3035http://www.sendmail.org/virtual-hosting.html
3036
3037
3038+--------------------+
3039| USING MAILERTABLES |
3040+--------------------+
3041
3042To use FEATURE(`mailertable'), you will have to create an external
3043database containing the routing information for various domains.
3044For example, a mailertable file in text format might be:
3045
3046	.my.domain		xnet:%1.my.domain
3047	uuhost1.my.domain	uucp-new:uuhost1
3048	.bitnet			smtp:relay.bit.net
3049
3050This should normally be stored in /etc/mail/mailertable.  The actual
3051database version of the mailertable is built using:
3052
3053	makemap hash /etc/mail/mailertable < /etc/mail/mailertable
3054
3055The semantics are simple.  Any LHS entry that does not begin with
3056a dot matches the full host name indicated.  LHS entries beginning
3057with a dot match anything ending with that domain name (including
3058the leading dot) -- that is, they can be thought of as having a
3059leading ".+" regular expression pattern for a non-empty sequence of
3060characters.  Matching is done in order of most-to-least qualified
3061-- for example, even though ".my.domain" is listed first in the
3062above example, an entry of "uuhost1.my.domain" will match the second
3063entry since it is more explicit.  Note: e-mail to "user@my.domain"
3064does not match any entry in the above table.  You need to have
3065something like:
3066
3067	my.domain		esmtp:host.my.domain
3068
3069The RHS should always be a "mailer:host" pair.  The mailer is the
3070configuration name of a mailer (that is, an M line in the
3071sendmail.cf file).  The "host" will be the hostname passed to
3072that mailer.  In domain-based matches (that is, those with leading
3073dots) the "%1" may be used to interpolate the wildcarded part of
3074the host name.  For example, the first line above sends everything
3075addressed to "anything.my.domain" to that same host name, but using
3076the (presumably experimental) xnet mailer.
3077
3078In some cases you may want to temporarily turn off MX records,
3079particularly on gateways.  For example, you may want to MX
3080everything in a domain to one machine that then forwards it
3081directly.  To do this, you might use the DNS configuration:
3082
3083	*.domain.	IN	MX	0	relay.machine
3084
3085and on relay.machine use the mailertable:
3086
3087	.domain		smtp:[gateway.domain]
3088
3089The [square brackets] turn off MX records for this host only.
3090If you didn't do this, the mailertable would use the MX record
3091again, which would give you an MX loop.  Note that the use of
3092wildcard MX records is almost always a bad idea.  Please avoid
3093using them if possible.
3094
3095
3096+--------------------------------+
3097| USING USERDB TO MAP FULL NAMES |
3098+--------------------------------+
3099
3100The user database was not originally intended for mapping full names
3101to login names (e.g., Eric.Allman => eric), but some people are using
3102it that way.  (it is recommended that you set up aliases for this
3103purpose instead -- since you can specify multiple alias files, this
3104is fairly easy.)  The intent was to locate the default maildrop at
3105a site, but allow you to override this by sending to a specific host.
3106
3107If you decide to set up the user database in this fashion, it is
3108imperative that you not use FEATURE(`stickyhost') -- otherwise,
3109e-mail sent to Full.Name@local.host.name will be rejected.
3110
3111To build the internal form of the user database, use:
3112
3113	makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
3114
3115As a general rule, it is an extremely bad idea to using full names
3116as e-mail addresses, since they are not in any sense unique.  For
3117example, the UNIX software-development community has at least two
3118well-known Peter Deutsches, and at one time Bell Labs had two
3119Stephen R. Bournes with offices along the same hallway.  Which one
3120will be forced to suffer the indignity of being Stephen_R_Bourne_2?
3121The less famous of the two, or the one that was hired later?
3122
3123Finger should handle full names (and be fuzzy).  Mail should use
3124handles, and not be fuzzy.
3125
3126
3127+--------------------------------+
3128| MISCELLANEOUS SPECIAL FEATURES |
3129+--------------------------------+
3130
3131Plussed users
3132	Sometimes it is convenient to merge configuration on a
3133	centralized mail machine, for example, to forward all
3134	root mail to a mail server.  In this case it might be
3135	useful to be able to treat the root addresses as a class
3136	of addresses with subtle differences.  You can do this
3137	using plussed users.  For example, a client might include
3138	the alias:
3139
3140		root:  root+client1@server
3141
3142	On the server, this will match an alias for "root+client1".
3143	If that is not found, the alias "root+*" will be tried,
3144	then "root".
3145
3146
3147+----------------+
3148| SECURITY NOTES |
3149+----------------+
3150
3151A lot of sendmail security comes down to you.  Sendmail 8 is much
3152more careful about checking for security problems than previous
3153versions, but there are some things that you still need to watch
3154for.  In particular:
3155
3156* Make sure the aliases file is not writable except by trusted
3157  system personnel.  This includes both the text and database
3158  version.
3159
3160* Make sure that other files that sendmail reads, such as the
3161  mailertable, are only writable by trusted system personnel.
3162
3163* The queue directory should not be world writable PARTICULARLY
3164  if your system allows "file giveaways" (that is, if a non-root
3165  user can chown any file they own to any other user).
3166
3167* If your system allows file giveaways, DO NOT create a publically
3168  writable directory for forward files.  This will allow anyone
3169  to steal anyone else's e-mail.  Instead, create a script that
3170  copies the .forward file from users' home directories once a
3171  night (if you want the non-NFS-mounted forward directory).
3172
3173* If your system allows file giveaways, you'll find that
3174  sendmail is much less trusting of :include: files -- in
3175  particular, you'll have to have /SENDMAIL/ANY/SHELL/ in
3176  /etc/shells before they will be trusted (that is, before
3177  files and programs listed in them will be honored).
3178
3179In general, file giveaways are a mistake -- if you can turn them
3180off, do so.
3181
3182
3183+--------------------------------+
3184| TWEAKING CONFIGURATION OPTIONS |
3185+--------------------------------+
3186
3187There are a large number of configuration options that don't normally
3188need to be changed.  However, if you feel you need to tweak them,
3189you can define the following M4 variables. Note that some of these
3190variables require formats that are defined in RFC 2821 or RFC 2822.
3191Before changing them you need to make sure you do not violate those
3192(and other relevant) RFCs.
3193
3194This list is shown in four columns:  the name you define, the default
3195value for that definition, the option or macro that is affected
3196(either Ox for an option or Dx for a macro), and a brief description.
3197
3198Some options are likely to be deprecated in future versions -- that is,
3199the option is only included to provide back-compatibility.  These are
3200marked with "*".
3201
3202Remember that these options are M4 variables, and hence may need to
3203be quoted.  In particular, arguments with commas will usually have to
3204be ``double quoted, like this phrase'' to avoid having the comma
3205confuse things.  This is common for alias file definitions and for
3206the read timeout.
3207
3208M4 Variable Name	Configuration	[Default] & Description
3209================	=============	=======================
3210confMAILER_NAME		$n macro	[MAILER-DAEMON] The sender name used
3211					for internally generated outgoing
3212					messages.
3213confDOMAIN_NAME		$j macro	If defined, sets $j.  This should
3214					only be done if your system cannot
3215					determine your local domain name,
3216					and then it should be set to
3217					$w.Foo.COM, where Foo.COM is your
3218					domain name.
3219confCF_VERSION		$Z macro	If defined, this is appended to the
3220					configuration version name.
3221confLDAP_CLUSTER	${sendmailMTACluster} macro
3222					If defined, this is the LDAP
3223					cluster to use for LDAP searches
3224					as described above in ``USING LDAP
3225					FOR ALIASES, MAPS, AND CLASSES''.
3226confFROM_HEADER		From:		[$?x$x <$g>$|$g$.] The format of an
3227					internally generated From: address.
3228confRECEIVED_HEADER	Received:
3229		[$?sfrom $s $.$?_($?s$|from $.$_)
3230			$.$?{auth_type}(authenticated)
3231			$.by $j ($v/$Z)$?r with $r$. id $i$?u
3232			for $u; $|;
3233			$.$b]
3234					The format of the Received: header
3235					in messages passed through this host.
3236					It is unwise to try to change this.
3237confMESSAGEID_HEADER	Message-Id:	[<$t.$i@$j>] The format of an
3238					internally generated Message-Id:
3239					header.
3240confCW_FILE		Fw class	[/etc/mail/local-host-names] Name
3241					of file used to get the local
3242					additions to class {w} (local host
3243					names).
3244confCT_FILE		Ft class	[/etc/mail/trusted-users] Name of
3245					file used to get the local additions
3246					to class {t} (trusted users).
3247confCR_FILE		FR class	[/etc/mail/relay-domains] Name of
3248					file used to get the local additions
3249					to class {R} (hosts allowed to relay).
3250confTRUSTED_USERS	Ct class	[no default] Names of users to add to
3251					the list of trusted users.  This list
3252					always includes root, uucp, and daemon.
3253					See also FEATURE(`use_ct_file').
3254confTRUSTED_USER	TrustedUser	[no default] Trusted user for file
3255					ownership and starting the daemon.
3256					Not to be confused with
3257					confTRUSTED_USERS (see above).
3258confSMTP_MAILER		-		[esmtp] The mailer name used when
3259					SMTP connectivity is required.
3260					One of "smtp", "smtp8",
3261					"esmtp", or "dsmtp".
3262confUUCP_MAILER		-		[uucp-old] The mailer to be used by
3263					default for bang-format recipient
3264					addresses.  See also discussion of
3265					class {U}, class {Y}, and class {Z}
3266					in the MAILER(`uucp') section.
3267confLOCAL_MAILER	-		[local] The mailer name used when
3268					local connectivity is required.
3269					Almost always "local".
3270confRELAY_MAILER	-		[relay] The default mailer name used
3271					for relaying any mail (e.g., to a
3272					BITNET_RELAY, a SMART_HOST, or
3273					whatever).  This can reasonably be
3274					"uucp-new" if you are on a
3275					UUCP-connected site.
3276confSEVEN_BIT_INPUT	SevenBitInput	[False] Force input to seven bits?
3277confEIGHT_BIT_HANDLING	EightBitMode	[pass8] 8-bit data handling
3278confALIAS_WAIT		AliasWait	[10m] Time to wait for alias file
3279					rebuild until you get bored and
3280					decide that the apparently pending
3281					rebuild failed.
3282confMIN_FREE_BLOCKS	MinFreeBlocks	[100] Minimum number of free blocks on
3283					queue filesystem to accept SMTP mail.
3284					(Prior to 8.7 this was minfree/maxsize,
3285					where minfree was the number of free
3286					blocks and maxsize was the maximum
3287					message size.  Use confMAX_MESSAGE_SIZE
3288					for the second value now.)
3289confMAX_MESSAGE_SIZE	MaxMessageSize	[infinite] The maximum size of messages
3290					that will be accepted (in bytes).
3291confBLANK_SUB		BlankSub	[.] Blank (space) substitution
3292					character.
3293confCON_EXPENSIVE	HoldExpensive	[False] Avoid connecting immediately
3294					to mailers marked expensive.
3295confCHECKPOINT_INTERVAL	CheckpointInterval
3296					[10] Checkpoint queue files every N
3297					recipients.
3298confDELIVERY_MODE	DeliveryMode	[background] Default delivery mode.
3299confERROR_MODE		ErrorMode	[print] Error message mode.
3300confERROR_MESSAGE	ErrorHeader	[undefined] Error message header/file.
3301confSAVE_FROM_LINES	SaveFromLine	Save extra leading From_ lines.
3302confTEMP_FILE_MODE	TempFileMode	[0600] Temporary file mode.
3303confMATCH_GECOS		MatchGECOS	[False] Match GECOS field.
3304confMAX_HOP		MaxHopCount	[25] Maximum hop count.
3305confIGNORE_DOTS*	IgnoreDots	[False; always False in -bs or -bd
3306					mode] Ignore dot as terminator for
3307					incoming messages?
3308confBIND_OPTS		ResolverOptions	[undefined] Default options for DNS
3309					resolver.
3310confMIME_FORMAT_ERRORS*	SendMimeErrors	[True] Send error messages as MIME-
3311					encapsulated messages per RFC 1344.
3312confFORWARD_PATH	ForwardPath	[$z/.forward.$w:$z/.forward]
3313					The colon-separated list of places to
3314					search for .forward files.  N.B.: see
3315					the Security Notes section.
3316confMCI_CACHE_SIZE	ConnectionCacheSize
3317					[2] Size of open connection cache.
3318confMCI_CACHE_TIMEOUT	ConnectionCacheTimeout
3319					[5m] Open connection cache timeout.
3320confHOST_STATUS_DIRECTORY HostStatusDirectory
3321					[undefined] If set, host status is kept
3322					on disk between sendmail runs in the
3323					named directory tree.  This need not be
3324					a full pathname, in which case it is
3325					interpreted relative to the queue
3326					directory.
3327confSINGLE_THREAD_DELIVERY  SingleThreadDelivery
3328					[False] If this option and the
3329					HostStatusDirectory option are both
3330					set, single thread deliveries to other
3331					hosts.  That is, don't allow any two
3332					sendmails on this host to connect
3333					simultaneously to any other single
3334					host.  This can slow down delivery in
3335					some cases, in particular since a
3336					cached but otherwise idle connection
3337					to a host will prevent other sendmails
3338					from connecting to the other host.
3339confUSE_ERRORS_TO*	UseErrorsTo	[False] Use the Errors-To: header to
3340					deliver error messages.  This should
3341					not be necessary because of general
3342					acceptance of the envelope/header
3343					distinction.
3344confLOG_LEVEL		LogLevel	[9] Log level.
3345confME_TOO		MeToo		[True] Include sender in group
3346					expansions.  This option is
3347					deprecated and will be removed from
3348					a future version.
3349confCHECK_ALIASES	CheckAliases	[False] Check RHS of aliases when
3350					running newaliases.  Since this does
3351					DNS lookups on every address, it can
3352					slow down the alias rebuild process
3353					considerably on large alias files.
3354confOLD_STYLE_HEADERS*	OldStyleHeaders	[True] Assume that headers without
3355					special chars are old style.
3356confPRIVACY_FLAGS	PrivacyOptions	[authwarnings] Privacy flags.
3357confCOPY_ERRORS_TO	PostmasterCopy	[undefined] Address for additional
3358					copies of all error messages.
3359confQUEUE_FACTOR	QueueFactor	[600000] Slope of queue-only function.
3360confQUEUE_FILE_MODE	QueueFileMode	[undefined] Default permissions for
3361					queue files (octal).  If not set,
3362					sendmail uses 0600 unless its real
3363					and effective uid are different in
3364					which case it uses 0644.
3365confDONT_PRUNE_ROUTES	DontPruneRoutes	[False] Don't prune down route-addr
3366					syntax addresses to the minimum
3367					possible.
3368confSAFE_QUEUE*		SuperSafe	[True] Commit all messages to disk
3369					before forking.
3370confTO_INITIAL		Timeout.initial	[5m] The timeout waiting for a response
3371					on the initial connect.
3372confTO_CONNECT		Timeout.connect	[0] The timeout waiting for an initial
3373					connect() to complete.  This can only
3374					shorten connection timeouts; the kernel
3375					silently enforces an absolute maximum
3376					(which varies depending on the system).
3377confTO_ICONNECT		Timeout.iconnect
3378					[undefined] Like Timeout.connect, but
3379					applies only to the very first attempt
3380					to connect to a host in a message.
3381					This allows a single very fast pass
3382					followed by more careful delivery
3383					attempts in the future.
3384confTO_ACONNECT		Timeout.aconnect
3385					[0] The overall timeout waiting for
3386					all connection for a single delivery
3387					attempt to succeed.  If 0, no overall
3388					limit is applied.
3389confTO_HELO		Timeout.helo	[5m] The timeout waiting for a response
3390					to a HELO or EHLO command.
3391confTO_MAIL		Timeout.mail	[10m] The timeout waiting for a
3392					response to the MAIL command.
3393confTO_RCPT		Timeout.rcpt	[1h] The timeout waiting for a response
3394					to the RCPT command.
3395confTO_DATAINIT		Timeout.datainit
3396					[5m] The timeout waiting for a 354
3397					response from the DATA command.
3398confTO_DATABLOCK	Timeout.datablock
3399					[1h] The timeout waiting for a block
3400					during DATA phase.
3401confTO_DATAFINAL	Timeout.datafinal
3402					[1h] The timeout waiting for a response
3403					to the final "." that terminates a
3404					message.
3405confTO_RSET		Timeout.rset	[5m] The timeout waiting for a response
3406					to the RSET command.
3407confTO_QUIT		Timeout.quit	[2m] The timeout waiting for a response
3408					to the QUIT command.
3409confTO_MISC		Timeout.misc	[2m] The timeout waiting for a response
3410					to other SMTP commands.
3411confTO_COMMAND		Timeout.command	[1h] In server SMTP, the timeout
3412					waiting	for a command to be issued.
3413confTO_IDENT		Timeout.ident	[5s] The timeout waiting for a
3414					response to an IDENT query.
3415confTO_FILEOPEN		Timeout.fileopen
3416					[60s] The timeout waiting for a file
3417					(e.g., :include: file) to be opened.
3418confTO_LHLO		Timeout.lhlo	[2m] The timeout waiting for a response
3419					to an LMTP LHLO command.
3420confTO_STARTTLS		Timeout.starttls
3421					[1h] The timeout waiting for a
3422					response to an SMTP STARTTLS command.
3423confTO_CONTROL		Timeout.control
3424					[2m] The timeout for a complete
3425					control socket transaction to complete.
3426confTO_QUEUERETURN	Timeout.queuereturn
3427					[5d] The timeout before a message is
3428					returned as undeliverable.
3429confTO_QUEUERETURN_NORMAL
3430			Timeout.queuereturn.normal
3431					[undefined] As above, for normal
3432					priority messages.
3433confTO_QUEUERETURN_URGENT
3434			Timeout.queuereturn.urgent
3435					[undefined] As above, for urgent
3436					priority messages.
3437confTO_QUEUERETURN_NONURGENT
3438			Timeout.queuereturn.non-urgent
3439					[undefined] As above, for non-urgent
3440					(low) priority messages.
3441confTO_QUEUERETURN_DSN
3442			Timeout.queuereturn.dsn
3443					[undefined] As above, for delivery
3444					status notification messages.
3445confTO_QUEUEWARN	Timeout.queuewarn
3446					[4h] The timeout before a warning
3447					message is sent to the sender telling
3448					them that the message has been
3449					deferred.
3450confTO_QUEUEWARN_NORMAL	Timeout.queuewarn.normal
3451					[undefined] As above, for normal
3452					priority messages.
3453confTO_QUEUEWARN_URGENT	Timeout.queuewarn.urgent
3454					[undefined] As above, for urgent
3455					priority messages.
3456confTO_QUEUEWARN_NONURGENT
3457			Timeout.queuewarn.non-urgent
3458					[undefined] As above, for non-urgent
3459					(low) priority messages.
3460confTO_QUEUEWARN_DSN
3461			Timeout.queuewarn.dsn
3462					[undefined] As above, for delivery
3463					status notification messages.
3464confTO_HOSTSTATUS	Timeout.hoststatus
3465					[30m] How long information about host
3466					statuses will be maintained before it
3467					is considered stale and the host should
3468					be retried.  This applies both within
3469					a single queue run and to persistent
3470					information (see below).
3471confTO_RESOLVER_RETRANS	Timeout.resolver.retrans
3472					[varies] Sets the resolver's
3473					retransmission time interval (in
3474					seconds).  Sets both
3475					Timeout.resolver.retrans.first and
3476					Timeout.resolver.retrans.normal.
3477confTO_RESOLVER_RETRANS_FIRST  Timeout.resolver.retrans.first
3478					[varies] Sets the resolver's
3479					retransmission time interval (in
3480					seconds) for the first attempt to
3481					deliver a message.
3482confTO_RESOLVER_RETRANS_NORMAL  Timeout.resolver.retrans.normal
3483					[varies] Sets the resolver's
3484					retransmission time interval (in
3485					seconds) for all resolver lookups
3486					except the first delivery attempt.
3487confTO_RESOLVER_RETRY	Timeout.resolver.retry
3488					[varies] Sets the number of times
3489					to retransmit a resolver query.
3490					Sets both
3491					Timeout.resolver.retry.first and
3492					Timeout.resolver.retry.normal.
3493confTO_RESOLVER_RETRY_FIRST  Timeout.resolver.retry.first
3494					[varies] Sets the number of times
3495					to retransmit a resolver query for
3496					the first attempt to deliver a
3497					message.
3498confTO_RESOLVER_RETRY_NORMAL  Timeout.resolver.retry.normal
3499					[varies] Sets the number of times
3500					to retransmit a resolver query for
3501					all resolver lookups except the
3502					first delivery attempt.
3503confTIME_ZONE		TimeZoneSpec	[USE_SYSTEM] Time zone info -- can be
3504					USE_SYSTEM to use the system's idea,
3505					USE_TZ to use the user's TZ envariable,
3506					or something else to force that value.
3507confDEF_USER_ID		DefaultUser	[1:1] Default user id.
3508confUSERDB_SPEC		UserDatabaseSpec
3509					[undefined] User database
3510					specification.
3511confFALLBACK_MX		FallbackMXhost	[undefined] Fallback MX host.
3512confFALLBACK_SMARTHOST	FallbackSmartHost
3513					[undefined] Fallback smart host.
3514confTRY_NULL_MX_LIST	TryNullMXList	[False] If this host is the best MX
3515					for a host and other arrangements
3516					haven't been made, try connecting
3517					to the host directly; normally this
3518					would be a config error.
3519confQUEUE_LA		QueueLA		[varies] Load average at which
3520					queue-only function kicks in.
3521					Default values is (8 * numproc)
3522					where numproc is the number of
3523					processors online (if that can be
3524					determined).
3525confREFUSE_LA		RefuseLA	[varies] Load average at which
3526					incoming SMTP connections are
3527					refused.  Default values is (12 *
3528					numproc) where numproc is the
3529					number of processors online (if
3530					that can be determined).
3531confREJECT_LOG_INTERVAL	RejectLogInterval	[3h] Log interval when
3532					refusing connections for this long.
3533confDELAY_LA		DelayLA		[0] Load average at which sendmail
3534					will sleep for one second on most
3535					SMTP commands and before accepting
3536					connections.  0 means no limit.
3537confMAX_ALIAS_RECURSION	MaxAliasRecursion
3538					[10] Maximum depth of alias recursion.
3539confMAX_DAEMON_CHILDREN	MaxDaemonChildren
3540					[undefined] The maximum number of
3541					children the daemon will permit.  After
3542					this number, connections will be
3543					rejected.  If not set or <= 0, there is
3544					no limit.
3545confMAX_HEADERS_LENGTH	MaxHeadersLength
3546					[32768] Maximum length of the sum
3547					of all headers.
3548confMAX_MIME_HEADER_LENGTH  MaxMimeHeaderLength
3549					[undefined] Maximum length of
3550					certain MIME header field values.
3551confCONNECTION_RATE_THROTTLE ConnectionRateThrottle
3552					[undefined] The maximum number of
3553					connections permitted per second per
3554					daemon.  After this many connections
3555					are accepted, further connections
3556					will be delayed.  If not set or <= 0,
3557					there is no limit.
3558confCONNECTION_RATE_WINDOW_SIZE ConnectionRateWindowSize
3559					[60s] Define the length of the
3560					interval for which the number of
3561					incoming connections is maintained.
3562confWORK_RECIPIENT_FACTOR
3563			RecipientFactor	[30000] Cost of each recipient.
3564confSEPARATE_PROC	ForkEachJob	[False] Run all deliveries in a
3565					separate process.
3566confWORK_CLASS_FACTOR	ClassFactor	[1800] Priority multiplier for class.
3567confWORK_TIME_FACTOR	RetryFactor	[90000] Cost of each delivery attempt.
3568confQUEUE_SORT_ORDER	QueueSortOrder	[Priority] Queue sort algorithm:
3569					Priority, Host, Filename, Random,
3570					Modification, or Time.
3571confMIN_QUEUE_AGE	MinQueueAge	[0] The minimum amount of time a job
3572					must sit in the queue between queue
3573					runs.  This allows you to set the
3574					queue run interval low for better
3575					responsiveness without trying all
3576					jobs in each run.
3577confDEF_CHAR_SET	DefaultCharSet	[unknown-8bit] When converting
3578					unlabeled 8 bit input to MIME, the
3579					character set to use by default.
3580confSERVICE_SWITCH_FILE	ServiceSwitchFile
3581					[/etc/mail/service.switch] The file
3582					to use for the service switch on
3583					systems that do not have a
3584					system-defined switch.
3585confHOSTS_FILE		HostsFile	[/etc/hosts] The file to use when doing
3586					"file" type access of hosts names.
3587confDIAL_DELAY		DialDelay	[0s] If a connection fails, wait this
3588					long and try again.  Zero means "don't
3589					retry".  This is to allow "dial on
3590					demand" connections to have enough time
3591					to complete a connection.
3592confNO_RCPT_ACTION	NoRecipientAction
3593					[none] What to do if there are no legal
3594					recipient fields (To:, Cc: or Bcc:)
3595					in the message.  Legal values can
3596					be "none" to just leave the
3597					nonconforming message as is, "add-to"
3598					to add a To: header with all the
3599					known recipients (which may expose
3600					blind recipients), "add-apparently-to"
3601					to do the same but use Apparently-To:
3602					instead of To: (strongly discouraged
3603					in accordance with IETF standards),
3604					"add-bcc" to add an empty Bcc:
3605					header, or "add-to-undisclosed" to
3606					add the header
3607					``To: undisclosed-recipients:;''.
3608confSAFE_FILE_ENV	SafeFileEnvironment
3609					[undefined] If set, sendmail will do a
3610					chroot() into this directory before
3611					writing files.
3612confCOLON_OK_IN_ADDR	ColonOkInAddr	[True unless Configuration Level > 6]
3613					If set, colons are treated as a regular
3614					character in addresses.  If not set,
3615					they are treated as the introducer to
3616					the RFC 822 "group" syntax.  Colons are
3617					handled properly in route-addrs.  This
3618					option defaults on for V5 and lower
3619					configuration files.
3620confMAX_QUEUE_RUN_SIZE	MaxQueueRunSize	[0] If set, limit the maximum size of
3621					any given queue run to this number of
3622					entries.  Essentially, this will stop
3623					reading each queue directory after this
3624					number of entries are reached; it does
3625					_not_ pick the highest priority jobs,
3626					so this should be as large as your
3627					system can tolerate.  If not set, there
3628					is no limit.
3629confMAX_QUEUE_CHILDREN	MaxQueueChildren
3630					[undefined] Limits the maximum number
3631					of concurrent queue runners active.
3632					This is to keep system resources used
3633					within a reasonable limit.  Relates to
3634					Queue Groups and ForkEachJob.
3635confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
3636					[1] Only active when MaxQueueChildren
3637					defined.  Controls the maximum number
3638					of queue runners (aka queue children)
3639					active at the same time in a work
3640					group.  See also MaxQueueChildren.
3641confDONT_EXPAND_CNAMES	DontExpandCnames
3642					[False] If set, $[ ... $] lookups that
3643					do DNS based lookups do not expand
3644					CNAME records.  This currently violates
3645					the published standards, but the IETF
3646					seems to be moving toward legalizing
3647					this.  For example, if "FTP.Foo.ORG"
3648					is a CNAME for "Cruft.Foo.ORG", then
3649					with this option set a lookup of
3650					"FTP" will return "FTP.Foo.ORG"; if
3651					clear it returns "Cruft.FOO.ORG".  N.B.
3652					you may not see any effect until your
3653					downstream neighbors stop doing CNAME
3654					lookups as well.
3655confFROM_LINE		UnixFromLine	[From $g $d] The From_ line used
3656					when sending to files or programs.
3657confSINGLE_LINE_FROM_HEADER  SingleLineFromHeader
3658					[False] From: lines that have
3659					embedded newlines are unwrapped
3660					onto one line.
3661confALLOW_BOGUS_HELO	AllowBogusHELO	[False] Allow HELO SMTP command that
3662					does not include a host name.
3663confMUST_QUOTE_CHARS	MustQuoteChars	[.'] Characters to be quoted in a full
3664					name phrase (@,;:\()[] are automatic).
3665confOPERATORS		OperatorChars	[.:%@!^/[]+] Address operator
3666					characters.
3667confSMTP_LOGIN_MSG	SmtpGreetingMessage
3668					[$j Sendmail $v/$Z; $b]
3669					The initial (spontaneous) SMTP
3670					greeting message.  The word "ESMTP"
3671					will be inserted between the first and
3672					second words to convince other
3673					sendmails to try to speak ESMTP.
3674confDONT_INIT_GROUPS	DontInitGroups	[False] If set, the initgroups(3)
3675					routine will never be invoked.  You
3676					might want to do this if you are
3677					running NIS and you have a large group
3678					map, since this call does a sequential
3679					scan of the map; in a large site this
3680					can cause your ypserv to run
3681					essentially full time.  If you set
3682					this, agents run on behalf of users
3683					will only have their primary
3684					(/etc/passwd) group permissions.
3685confUNSAFE_GROUP_WRITES	UnsafeGroupWrites
3686					[False] If set, group-writable
3687					:include: and .forward files are
3688					considered "unsafe", that is, programs
3689					and files cannot be directly referenced
3690					from such files.  World-writable files
3691					are always considered unsafe.
3692confCONNECT_ONLY_TO	ConnectOnlyTo	[undefined] override connection
3693					address (for testing).
3694confCONTROL_SOCKET_NAME	ControlSocketName
3695					[undefined] Control socket for daemon
3696					management.
3697confDOUBLE_BOUNCE_ADDRESS  DoubleBounceAddress
3698					[postmaster] If an error occurs when
3699					sending an error message, send that
3700					"double bounce" error message to this
3701					address.  If it expands to an empty
3702					string, double bounces are dropped.
3703confDEAD_LETTER_DROP	DeadLetterDrop	[undefined] Filename to save bounce
3704					messages which could not be returned
3705					to the user or sent to postmaster.
3706					If not set, the queue file will
3707					be renamed.
3708confRRT_IMPLIES_DSN	RrtImpliesDsn	[False] Return-Receipt-To: header
3709					implies DSN request.
3710confRUN_AS_USER		RunAsUser	[undefined] If set, become this user
3711					when reading and delivering mail.
3712					Causes all file reads (e.g., .forward
3713					and :include: files) to be done as
3714					this user.  Also, all programs will
3715					be run as this user, and all output
3716					files will be written as this user.
3717confMAX_RCPTS_PER_MESSAGE  MaxRecipientsPerMessage
3718					[infinite] If set, allow no more than
3719					the specified number of recipients in
3720					an SMTP envelope.  Further recipients
3721					receive a 452 error code (i.e., they
3722					are deferred for the next delivery
3723					attempt).
3724confBAD_RCPT_THROTTLE	BadRcptThrottle	[infinite] If set and the specified
3725					number of recipients in a single SMTP
3726					transaction have been rejected, sleep
3727					for one second after each subsequent
3728					RCPT command in that transaction.
3729confDONT_PROBE_INTERFACES  DontProbeInterfaces
3730					[False] If set, sendmail will _not_
3731					insert the names and addresses of any
3732					local interfaces into class {w}
3733					(list of known "equivalent" addresses).
3734					If you set this, you must also include
3735					some support for these addresses (e.g.,
3736					in a mailertable entry) -- otherwise,
3737					mail to addresses in this list will
3738					bounce with a configuration error.
3739					If set to "loopback" (without
3740					quotes), sendmail will skip
3741					loopback interfaces (e.g., "lo0").
3742confPID_FILE		PidFile		[system dependent] Location of pid
3743					file.
3744confPROCESS_TITLE_PREFIX  ProcessTitlePrefix
3745					[undefined] Prefix string for the
3746					process title shown on 'ps' listings.
3747confDONT_BLAME_SENDMAIL	DontBlameSendmail
3748					[safe] Override sendmail's file
3749					safety checks.  This will definitely
3750					compromise system security and should
3751					not be used unless absolutely
3752					necessary.
3753confREJECT_MSG		-		[550 Access denied] The message
3754					given if the access database contains
3755					REJECT in the value portion.
3756confRELAY_MSG		-		[550 Relaying denied] The message
3757					given if an unauthorized relaying
3758					attempt is rejected.
3759confDF_BUFFER_SIZE	DataFileBufferSize
3760					[4096] The maximum size of a
3761					memory-buffered data (df) file
3762					before a disk-based file is used.
3763confXF_BUFFER_SIZE	XScriptFileBufferSize
3764					[4096] The maximum size of a
3765					memory-buffered transcript (xf)
3766					file before a disk-based file is
3767					used.
3768confTLS_SRV_OPTIONS	TLSSrvOptions	If this option is 'V' no client
3769					verification is performed, i.e.,
3770					the server doesn't ask for a
3771					certificate.
3772confLDAP_DEFAULT_SPEC	LDAPDefaultSpec	[undefined] Default map
3773					specification for LDAP maps.  The
3774					value should only contain LDAP
3775					specific settings such as "-h host
3776					-p port -d bindDN", etc.  The
3777					settings will be used for all LDAP
3778					maps unless they are specified in
3779					the individual map specification
3780					('K' command).
3781confCACERT_PATH		CACertPath	[undefined] Path to directory
3782					with certs of CAs.
3783confCACERT		CACertFile	[undefined] File containing one CA
3784					cert.
3785confSERVER_CERT		ServerCertFile	[undefined] File containing the
3786					cert of the server, i.e., this cert
3787					is used when sendmail acts as
3788					server.
3789confSERVER_KEY		ServerKeyFile	[undefined] File containing the
3790					private key belonging to the server
3791					cert.
3792confCLIENT_CERT		ClientCertFile	[undefined] File containing the
3793					cert of the client, i.e., this cert
3794					is used when sendmail acts as
3795					client.
3796confCLIENT_KEY		ClientKeyFile	[undefined] File containing the
3797					private key belonging to the client
3798					cert.
3799confCRL			CRLFile		[undefined] File containing certificate
3800					revocation status, useful for X.509v3
3801					authentication. Note that CRL requires
3802					at least OpenSSL version 0.9.7.
3803confDH_PARAMETERS	DHParameters	[undefined] File containing the
3804					DH parameters.
3805confRAND_FILE		RandFile	[undefined] File containing random
3806					data (use prefix file:) or the
3807					name of the UNIX socket if EGD is
3808					used (use prefix egd:).  STARTTLS
3809					requires this option if the compile
3810					flag HASURANDOM is not set (see
3811					sendmail/README).
3812confNICE_QUEUE_RUN	NiceQueueRun	[undefined]  If set, the priority of
3813					queue runners is set the given value
3814					(nice(3)).
3815confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
3816					[undefined] Defines {daemon_flags}
3817					for direct submissions.
3818confUSE_MSP		UseMSP		[false] Use as mail submission
3819					program.
3820confDELIVER_BY_MIN	DeliverByMin	[0] Minimum time for Deliver By
3821					SMTP Service Extension (RFC 2852).
3822confREQUIRES_DIR_FSYNC	RequiresDirfsync	[true] RequiresDirfsync can
3823					be used to turn off the compile time
3824					flag REQUIRES_DIR_FSYNC at runtime.
3825					See sendmail/README for details.
3826confSHARED_MEMORY_KEY	SharedMemoryKey [0] Key for shared memory.
3827confFAST_SPLIT		FastSplit	[1] If set to a value greater than
3828					zero, the initial MX lookups on
3829					addresses is suppressed when they
3830					are sorted which may result in
3831					faster envelope splitting.  If the
3832					mail is submitted directly from the
3833					command line, then the value also
3834					limits the number of processes to
3835					deliver the envelopes.
3836confMAILBOX_DATABASE	MailboxDatabase	[pw] Type of lookup to find
3837					information about local mailboxes.
3838confDEQUOTE_OPTS	-		[empty] Additional options for the
3839					dequote map.
3840confINPUT_MAIL_FILTERS	InputMailFilters
3841					A comma separated list of filters
3842					which determines which filters and
3843					the invocation sequence are
3844					contacted for incoming SMTP
3845					messages.  If none are set, no
3846					filters will be contacted.
3847confMILTER_LOG_LEVEL	Milter.LogLevel	[9] Log level for input mail filter
3848					actions, defaults to LogLevel.
3849confMILTER_MACROS_CONNECT	Milter.macros.connect
3850					[j, _, {daemon_name}, {if_name},
3851					{if_addr}] Macros to transmit to
3852					milters when a session connection
3853					starts.
3854confMILTER_MACROS_HELO	Milter.macros.helo
3855					[{tls_version}, {cipher},
3856					{cipher_bits}, {cert_subject},
3857					{cert_issuer}] Macros to transmit to
3858					milters after HELO/EHLO command.
3859confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
3860					[i, {auth_type}, {auth_authen},
3861					{auth_ssf}, {auth_author},
3862					{mail_mailer}, {mail_host},
3863					{mail_addr}] Macros to transmit to
3864					milters after MAIL FROM command.
3865confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
3866					[{rcpt_mailer}, {rcpt_host},
3867					{rcpt_addr}] Macros to transmit to
3868					milters after RCPT TO command.
3869confMILTER_MACROS_EOM		Milter.macros.eom
3870					[{msg_id}] Macros to transmit to
3871					milters after DATA command.
3872
3873
3874See also the description of OSTYPE for some parameters that can be
3875tweaked (generally pathnames to mailers).
3876
3877ClientPortOptions and DaemonPortOptions are special cases since multiple
3878clients/daemons can be defined.  This can be done via
3879
3880	CLIENT_OPTIONS(`field1=value1,field2=value2,...')
3881	DAEMON_OPTIONS(`field1=value1,field2=value2,...')
3882
3883Note that multiple CLIENT_OPTIONS() commands (and therefore multiple
3884ClientPortOptions settings) are allowed in order to give settings for each
3885protocol family (e.g., one for Family=inet and one for Family=inet6).  A
3886restriction placed on one family only affects outgoing connections on that
3887particular family.
3888
3889If DAEMON_OPTIONS is not used, then the default is
3890
3891	DAEMON_OPTIONS(`Port=smtp, Name=MTA')
3892	DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
3893
3894If you use one DAEMON_OPTIONS macro, it will alter the parameters
3895of the first of these.  The second will still be defaulted; it
3896represents a "Message Submission Agent" (MSA) as defined by RFC
38972476 (see below).  To turn off the default definition for the MSA,
3898use FEATURE(`no_default_msa') (see also FEATURES).  If you use
3899additional DAEMON_OPTIONS macros, they will add additional daemons.
3900
3901Example 1:  To change the port for the SMTP listener, while
3902still using the MSA default, use
3903	DAEMON_OPTIONS(`Port=925, Name=MTA')
3904
3905Example 2:  To change the port for the MSA daemon, while still
3906using the default SMTP port, use
3907	FEATURE(`no_default_msa')
3908	DAEMON_OPTIONS(`Name=MTA')
3909	DAEMON_OPTIONS(`Port=987, Name=MSA, M=E')
3910
3911Note that if the first of those DAEMON_OPTIONS lines were omitted, then
3912there would be no listener on the standard SMTP port.
3913
3914Example 3: To listen on both IPv4 and IPv6 interfaces, use
3915
3916	DAEMON_OPTIONS(`Name=MTA-v4, Family=inet')
3917	DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6')
3918
3919A "Message Submission Agent" still uses all of the same rulesets for
3920processing the message (and therefore still allows message rejection via
3921the check_* rulesets).  In accordance with the RFC, the MSA will ensure
3922that all domains in envelope addresses are fully qualified if the message
3923is relayed to another MTA.  It will also enforce the normal address syntax
3924rules and log error messages.  Additionally, by using the M=a modifier you
3925can require authentication before messages are accepted by the MSA.
3926Notice: Do NOT use the 'a' modifier on a public accessible MTA!  Finally,
3927the M=E modifier shown above disables ETRN as required by RFC 2476.
3928
3929Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER()
3930commands:
3931
3932	INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock')
3933	MAIL_FILTER(`myfilter', `S=inet:3333@localhost')
3934
3935The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the
3936same order they were specified by also setting confINPUT_MAIL_FILTERS.  A
3937filter can be defined without adding it to the input filter list by using
3938MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file.
3939Alternatively, you can reset the list of filters and their order by setting
3940confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in
3941your .mc file.
3942
3943
3944+----------------------------+
3945| MESSAGE SUBMISSION PROGRAM |
3946+----------------------------+
3947
3948This section contains a list of caveats and
3949a few hints how for those who want to tweak the default configuration
3950for it (which is installed as submit.cf).
3951
3952Notice: do not add options/features to submit.mc unless you are
3953absolutely sure you need them.  Options you may want to change
3954include:
3955
3956- confTRUSTED_USERS, FEATURE(`use_ct_file'), and confCT_FILE for
3957  avoiding X-Authentication warnings.
3958- confTIME_ZONE to change it from the default `USE_TZ'.
3959- confDELIVERY_MODE is set to interactive in msp.m4 instead
3960  of the default background mode.
3961- FEATURE(stickyhost) and LOCAL_RELAY to send unqualified addresses
3962  to the LOCAL_RELAY instead of the default relay.
3963
3964The MSP performs hostname canonicalization by default.  Mail may end
3965up for various DNS related reasons in the MSP queue.  This problem
3966can be minimized by using
3967
3968	FEATURE(`nocanonify', `canonify_hosts')
3969	define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
3970
3971See the discussion about nocanonify for possible side effects.
3972
3973Some things are not intended to work with the MSP.  These include
3974features that influence the delivery process (e.g., mailertable,
3975aliases), or those that are only important for a SMTP server (e.g.,
3976virtusertable, DaemonPortOptions, multiple queues).  Moreover,
3977relaxing certain restrictions (RestrictQueueRun, permissions on
3978queue directory) or adding features (e.g., enabling prog/file mailer)
3979can cause security problems.
3980
3981Other things don't work well with the MSP and require tweaking or
3982workarounds.
3983
3984The file and the map created by makemap should be owned by smmsp,
3985its group should be smmsp, and it should have mode 640.
3986
3987feature/msp.m4 defines almost all settings for the MSP.  Most of
3988those should not be changed at all.  Some of the features and options
3989can be overridden if really necessary.  It is a bit tricky to do
3990this, because it depends on the actual way the option is defined
3991in feature/msp.m4.  If it is directly defined (i.e., define()) then
3992the modified value must be defined after
3993
3994	FEATURE(`msp')
3995
3996If it is conditionally defined (i.e., ifdef()) then the desired
3997value must be defined before the FEATURE line in the .mc file.
3998To see how the options are defined read feature/msp.m4.
3999
4000
4001+--------------------------+
4002| FORMAT OF FILES AND MAPS |
4003+--------------------------+
4004
4005Files that define classes, i.e., F{classname}, consist of lines
4006each of which contains a single element of the class.  For example,
4007/etc/mail/local-host-names may have the following content:
4008
4009my.domain
4010another.domain
4011
4012Maps must be created using makemap(8) , e.g.,
4013
4014	makemap hash MAP < MAP
4015
4016In general, a text file from which a map is created contains lines
4017of the form
4018
4019key	value
4020
4021where 'key' and 'value' are also called LHS and RHS, respectively.
4022By default, the delimiter between LHS and RHS is a non-empty sequence
4023of white space characters.
4024
4025
4026+------------------+
4027| DIRECTORY LAYOUT |
4028+------------------+
4029
4030Within this directory are several subdirectories, to wit:
4031
4032m4		General support routines.  These are typically
4033		very important and should not be changed without
4034		very careful consideration.
4035
4036cf		The configuration files themselves.  They have
4037		".mc" suffixes, and must be run through m4 to
4038		become complete.  The resulting output should
4039		have a ".cf" suffix.
4040
4041ostype		Definitions describing a particular operating
4042		system type.  These should always be referenced
4043		using the OSTYPE macro in the .mc file.  Examples
4044		include "bsd4.3", "bsd4.4", "sunos3.5", and
4045		"sunos4.1".
4046
4047domain		Definitions describing a particular domain, referenced
4048		using the DOMAIN macro in the .mc file.  These are
4049		site dependent; for example, "CS.Berkeley.EDU.m4"
4050		describes hosts in the CS.Berkeley.EDU subdomain.
4051
4052mailer		Descriptions of mailers.  These are referenced using
4053		the MAILER macro in the .mc file.
4054
4055sh		Shell files used when building the .cf file from the
4056		.mc file in the cf subdirectory.
4057
4058feature		These hold special orthogonal features that you might
4059		want to include.  They should be referenced using
4060		the FEATURE macro.
4061
4062hack		Local hacks.  These can be referenced using the HACK
4063		macro.  They shouldn't be of more than voyeuristic
4064		interest outside the .Berkeley.EDU domain, but who knows?
4065
4066siteconfig	Site configuration -- e.g., tables of locally connected
4067		UUCP sites.
4068
4069
4070+------------------------+
4071| ADMINISTRATIVE DETAILS |
4072+------------------------+
4073
4074The following sections detail usage of certain internal parts of the
4075sendmail.cf file.  Read them carefully if you are trying to modify
4076the current model.  If you find the above descriptions adequate, these
4077should be {boring, confusing, tedious, ridiculous} (pick one or more).
4078
4079RULESETS (* means built in to sendmail)
4080
4081   0 *	Parsing
4082   1 *	Sender rewriting
4083   2 *	Recipient rewriting
4084   3 *	Canonicalization
4085   4 *	Post cleanup
4086   5 *	Local address rewrite (after aliasing)
4087  1x	mailer rules (sender qualification)
4088  2x	mailer rules (recipient qualification)
4089  3x	mailer rules (sender header qualification)
4090  4x	mailer rules (recipient header qualification)
4091  5x	mailer subroutines (general)
4092  6x	mailer subroutines (general)
4093  7x	mailer subroutines (general)
4094  8x	reserved
4095  90	Mailertable host stripping
4096  96	Bottom half of Ruleset 3 (ruleset 6 in old sendmail)
4097  97	Hook for recursive ruleset 0 call (ruleset 7 in old sendmail)
4098  98	Local part of ruleset 0 (ruleset 8 in old sendmail)
4099
4100
4101MAILERS
4102
4103   0	local, prog	local and program mailers
4104   1	[e]smtp, relay	SMTP channel
4105   2	uucp-*		UNIX-to-UNIX Copy Program
4106   3	netnews		Network News delivery
4107   4	fax		Sam Leffler's HylaFAX software
4108   5	mail11		DECnet mailer
4109
4110
4111MACROS
4112
4113   A
4114   B	Bitnet Relay
4115   C	DECnet Relay
4116   D	The local domain -- usually not needed
4117   E	reserved for X.400 Relay
4118   F	FAX Relay
4119   G
4120   H	mail Hub (for mail clusters)
4121   I
4122   J
4123   K
4124   L	Luser Relay
4125   M	Masquerade (who you claim to be)
4126   N
4127   O
4128   P
4129   Q
4130   R	Relay (for unqualified names)
4131   S	Smart Host
4132   T
4133   U	my UUCP name (if you have a UUCP connection)
4134   V	UUCP Relay (class {V} hosts)
4135   W	UUCP Relay (class {W} hosts)
4136   X	UUCP Relay (class {X} hosts)
4137   Y	UUCP Relay (all other hosts)
4138   Z	Version number
4139
4140
4141CLASSES
4142
4143   A
4144   B	domains that are candidates for bestmx lookup
4145   C
4146   D
4147   E	addresses that should not seem to come from $M
4148   F	hosts this system forward for
4149   G	domains that should be looked up in genericstable
4150   H
4151   I
4152   J
4153   K
4154   L	addresses that should not be forwarded to $R
4155   M	domains that should be mapped to $M
4156   N	host/domains that should not be mapped to $M
4157   O	operators that indicate network operations (cannot be in local names)
4158   P	top level pseudo-domains: BITNET, DECNET, FAX, UUCP, etc.
4159   Q
4160   R	domains this system is willing to relay (pass anti-spam filters)
4161   S
4162   T
4163   U	locally connected UUCP hosts
4164   V	UUCP hosts connected to relay $V
4165   W	UUCP hosts connected to relay $W
4166   X	UUCP hosts connected to relay $X
4167   Y	locally connected smart UUCP hosts
4168   Z	locally connected domain-ized UUCP hosts
4169   .	the class containing only a dot
4170   [	the class containing only a left bracket
4171
4172
4173M4 DIVERSIONS
4174
4175   1	Local host detection and resolution
4176   2	Local Ruleset 3 additions
4177   3	Local Ruleset 0 additions
4178   4	UUCP Ruleset 0 additions
4179   5	locally interpreted names (overrides $R)
4180   6	local configuration (at top of file)
4181   7	mailer definitions
4182   8	DNS based blacklists
4183   9	special local rulesets (1 and 2)
4184
4185$Revision: 8.694 $, Last updated $Date: 2005/03/23 21:41:09 $
4186ident	"%Z%%M%	%I%	%E% SMI"
4187